From bcdeb389e107c7cce9aace7001a7e9b418f9ee6f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:20:25 -0500 Subject: [PATCH 01/27] Add Abbott and Accellence Tech products --- data/cisagov_A.yml | 109 ++++++++++++++++++++++++++++++--------------- 1 file changed, 73 insertions(+), 36 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 17499a2..7ef12db 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +29,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -43,10 +44,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
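Review bot: The new `unaffected_versions: - ''` lists on the ABB AlarmInsight Cloud and B&R Products entries in the first hunk of PATCH 01 hold an empty string where a version belongs, so a reader cannot tell which releases the `investigated: true` verdict covers. The same series writes `- 'All'` for Accellence EBÜS and the Acunetix products; if the linked advisory clears every release, `- 'All'` states that explicitly, otherwise list the versions the advisory names. The same placeholder appears under `fixed_versions` for ABB Remote Service in the next hunk and on every Accruent entry in PATCH 03. If the empty string is a deliberate schema convention, that is not visible from the diff and would be worth stating in the file header. Both entries continue outside this hunk.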
@@ -57,13 +58,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -71,10 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86,13 +88,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -101,8 +104,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
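Review bot: The removed `affected_versions` item `AlarmInsight KPI Dashboards 1.0.0` in this hunk is not carried over anywhere in the visible hunks of the patch, and the AlarmInsight Cloud entry added in the previous hunk is now marked unaffected; the previous hunk likewise drops `ABB Remote Platform (RAP)`. If the linked RevE advisory did move these from affected to fixed or unaffected, record that in `notes`, for example `notes: Previously listed as affected; status changed per vendor advisory RevE.`, so that consumers who acted on the earlier listing can see why it changed. The advisory content cannot be confirmed from the diff, so this needs a check against the PDF before merging.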
@@ -116,13 +118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -130,8 +132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'Track Sample Manager (TSM)' + - 'Track Workflow Manager (TWM)' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -146,12 +150,12 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -159,10 +163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,8 +184,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false 
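Review bot: The added `notes: Details are shared with customers with an active RAP subscription.` sits on the Abbott / All entry (the one linking to abbott.com), but RAP is the ABB Remote Platform named in the ABB Remote Service lines removed earlier in this patch, so the note looks attached to the wrong vendor. It probably belongs on the ABB Remote Service entry, whose `notes` is still `''` in the previous hunk. In the same hunk the GLP Track System note promises a fix "expected in January 2022" although the commit is dated 10 Feb 2022, and the new `last_updated: '2021-12-15T00:00:00'` has no UTC offset, unlike the `+00:00` values around it. Both Abbott entries start or end outside this hunk.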
@@ -188,10 +193,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although + it includes several 3rd-partie software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -203,7 +240,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -220,7 +257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v7.6 release + - 'v7.6 release' unaffected_versions: [] cve-2021-45046: investigated: false 
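Review bot: The Accellence EBÜS entry added in the first hunk here (`@@ -188,10 +193,42 @@`) records `fixed_versions: - 'All'` for cve-2021-44228 while its own note says "EBÜS itself is not vulnerable to CVE-2021-44228", and the two disagree: a product that was never vulnerable belongs in `unaffected_versions`. Suggested change, unless the vendor did ship a fix (in which case the note needs rewording instead): `fixed_versions: []` and `unaffected_versions: - 'All'`, keeping the sentence about the bundled third-party setups. The note is also a plain scalar continued onto a second line; quoting it or writing `notes: >-` would make the folding explicit.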
@@ -234,12 +271,12 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' From 36760a6624f035fb4360cfa1a17a8e04afc29843 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:29:02 -0500 Subject: [PATCH 02/27] Fix whitespace --- data/cisagov_A.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 7ef12db..f3e88f4 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -211,7 +211,7 @@ software: vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although - it includes several 3rd-partie software setups, which may be affected. + it includes several 3rd-party software setups, which may be affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -281,7 +281,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Acquia - product: '' + product: All cves: cve-2021-4104: investigated: false 
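Review bot: The rewritten Kiteworks `notes` value in the first hunk here (`@@ -234,12 +271,12 @@`) drops the outer quotes but leaves a mismatched pair inside the text: it opens with a curly `“` before `$SOLR_OPTS` and closes with a straight `"` after `formatMsgNoLookups=true`, so make both the same character. The value is now a multi-line plain scalar; a block form such as `notes: >-` would protect it from later edits that introduce `: ` or ` #`. For defenders reading the entry, the note presents `-Dlog4j2.formatMsgNoLookups=true` as disabling the attack vector, but Apache later stated that this setting is not a complete mitigation (CVE-2021-45046), and the entry still has `cve-2021-45046` at `investigated: false`. A short caveat in the note pointing to the library upgrade as the effective fix would help.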
@@ -310,7 +310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis - product: '' + product: All cves: cve-2021-4104: investigated: false From 30ae9d04d89b52a802e1ed13d6901cafda84dcc0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:44:58 -0500 Subject: [PATCH 03/27] Add Accruent products --- data/cisagov_A.yml | 570 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 570 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f3e88f4..98572ef 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -280,6 +280,576 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Accruent + product: Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Asset Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: BigCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 
Accruent + product: EMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Evoco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Expesite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Famis 360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Lucernex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Maintenance Connection + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + 
affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + 
cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: TMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxField + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + 
cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxMaintain + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxObserve + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxSustain + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: 
[] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acquia product: All cves: From 17c5b91dd0e914773d38639b3e161fa2cd9964a6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:47:37 -0500 Subject: [PATCH 04/27] Add Acronis products --- data/cisagov_A.yml | 278 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 276 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 98572ef..95841a1 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
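Review bot: Every Accruent entry added by the PATCH 03 hunk (`@@ -280,6 +280,576 @@`) carries `last_updated: '2022-01-12T07:18:50+00:00'`, a timestamp copied from the existing entries that predates the commit date of 10 Feb 2022. If the field is meant to record when an entry changed, anyone filtering the database on `last_updated` to find new or revised verdicts will miss these nineteen products. Set it to the time of the edit, for example `last_updated: '2022-02-10T00:00:00+00:00'`, here and on the Acronis, Acunetix and Adeptia entries added in PATCH 04 to 06.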
@@ -880,7 +880,158 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis - product: All + product: Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '11.7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '12.5' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.6.2 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Infrastructure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '3.5' + - '4.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '15' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false 
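Review bot: Several `unaffected_versions` items added for Acronis are free-text ranges rather than versions, so a script that matches an installed version against the list will not match them. They are `'8.6.2 onwards'` (Cyber Files) and `'4.x'` (Cyber Infrastructure) in this hunk, and `'2017 onwards'` and `'10.7 onwards'` in the next one. If the schema has no range syntax, either document the accepted wording for ranges or keep the list to concrete versions and put the range in `notes`, for example `notes: Unaffected from 8.6.2 onwards.` The entries at the start and end of this hunk continue outside it.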
@@ -888,10 +1039,133 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2017 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: DeviceLock DLP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Files Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '10.7 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: MassTransit + cves: + cve-2021-4104: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.1' + - '8.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Snap Deploy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -909,7 +1183,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ActiveState - product: '' + product: All cves: cve-2021-4104: investigated: false From 7ec3d0870c12892a5f24a554e5329f495417c314 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:53:48 -0500 Subject: [PATCH 05/27] Add Acunetix products --- data/cisagov_A.yml | 218 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 214 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 95841a1..ec95b3e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -1211,8 +1211,218 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adaptec - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1241,7 +1451,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Addigy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1270,7 +1480,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia - product: '' + product: All cves: cve-2021-4104: investigated: false 
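Review bot: The Acunetix IAST-Java entry in the PATCH 05 hunk (`@@ -1211,8 +1211,218 @@`) puts `'All'` under `fixed_versions` while its note reads "AcuSensor IAST module needs attention", which leaves it unclear whether a fixed build exists or whether users still have to act. If the vendor post says the Java sensor was affected and needs updating, name the fixed release in `fixed_versions` or list the affected ones in `affected_versions`, and say in `notes` what action is required. The product name is also spelled `IAST-Java` while its siblings use `IAST - ASP.NET`, `IAST - NodeJS` and `IAST - PHP`.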
@@ -1293,7 +1503,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - A notes: '' references: - '' From 814805d972088ad8ee55d52d78a73cc12940435d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:57:17 -0500 Subject: [PATCH 06/27] Add Adeptia products --- data/cisagov_A.yml | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index ec95b3e..2f3cb23 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1480,7 +1480,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia - product: All + product: Connect cves: cve-2021-4104: investigated: false @@ -1488,10 +1488,45 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adeptia + product: Suite + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.9.9' + - '6.9.10' + - '6.9.11' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
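Review bot: In the hunk at `@@ -1293,7 +1503,7 @@` the only `vendor_links` entry of the record citing the Adeptia advisory becomes `- A`, which is not a URL and leaves the record with no pointer to the vendor's statement. A later patch in this series (`@@ -1503,7 +1538,7 @@`) restores the original link, so this looks like a stray edit. Keeping `- https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-` in this commit avoids an intermediate revision with a broken reference. The record itself starts outside the hunk.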
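Review bot: The Adeptia Connect record added in `@@ -1488,10 +1488,45 @@` moves CVE-2021-44228 to `investigated: true` with fixed versions, yet it is written with `last_updated: '2022-01-12T07:18:50+00:00'`, which predates this commit (11 Feb 2022). If consumers use `last_updated` to decide which records to re-check, this status change will not show up as new. I would set the field to the date of the edit. The same copied timestamp appears on records added in later patches of this series, for example the Adobe, Ahsay and Alphatron Medical entries.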
@@ -1503,7 +1538,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - A + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' From f7b7f2242a507f21bc483d7ab8dd0cc8fdad5edd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:04:56 -0500 Subject: [PATCH 07/27] Add Adobe products --- data/cisagov_A.yml | 249 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 245 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 2f3cb23..96cbdb8 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1543,8 +1543,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false 
@@ -1552,10 +1552,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.3 GA to 6.3.3' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
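Review bot: The new `Adobe` / `ColdFusion` record in `@@ -1552,10 +1552,71 @@` cites the Experience Manager Forms article (`aem-forms-vulnerability-cve-2021-44228.html`) as its only `vendor_links` entry. The following hunk (`@@ -1567,13 +1628,193 @@`) then removes the ColdFusion-specific link the old record carried. That leaves a reader checking ColdFusion with an advisory for a different product, and `fixed_versions: - ''` names no release to upgrade to. I would keep `- https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html` on the ColdFusion record and list the fixed releases from that advisory.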
@@ -1567,13 +1628,193 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.4 GA to 6.4.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + 
investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.5 GA to 6.5.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager Forms on OSGi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 
Forms Workbench + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ADP - product: '' + product: All cves: cve-2021-4104: investigated: false From 45522dc99de11d2ab5808525c40a252d1c7e8c3a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:12:33 -0500 Subject: [PATCH 08/27] Add Ahsay & AIL, var. updates --- data/cisagov_A.yml | 155 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 125 insertions(+), 30 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 96cbdb8..b40044e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1881,10 +1881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1911,10 +1912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -1941,10 +1943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1971,10 +1974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1992,8 +1996,8 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -2001,10 +2005,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2016,13 +2021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANcart + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -2034,7 +2039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2052,7 +2057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANmobile + product: AFHCANServer cves: cve-2021-4104: investigated: false 
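Review bot: The hunk at `@@ -1992,8 +1996,8 @@` overwrites the `AFAS Software` record with `AFHCAN Global LLC` / `AFHCANcart`, and `@@ -2016,13 +2021,13 @@` replaces its advisory link `https://help.afas.nl/vraagantwoord/NL/SE/120439.htm`. No hunk in this commit adds the AFAS record back, and the subject ("Add Ahsay & AIL, var. updates") does not mention dropping a vendor. If the removal is unintended, the AFAS entry should be kept as its own record ahead of the AFHCAN ones. If it is deliberate, the commit message should say so, so that users tracking that vendor know why it disappeared.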
@@ -2064,7 +2069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2082,7 +2087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANServer + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2094,7 +2099,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2112,7 +2117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANsuite + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2124,7 +2129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2142,7 +2147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANupdate + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2154,7 +2159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] 
@@ -2171,8 +2176,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Agilysys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2184,7 +2218,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '1.6+' cve-2021-45046: investigated: false affected_versions: [] @@ -2196,13 +2230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false 
@@ -2210,10 +2244,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'version 8.5.4.86 (and above)' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.0' cve-2021-45046: investigated: false affected_versions: [] @@ -2225,7 +2290,37 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/ail_project/status/1470373644279119875 notes: '' references: - '' From c3b65ac84e911607bfba3f97a6ae7717d76403c7 Mon Sep 17 00:00:00 2001 
From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:34:52 -0500 Subject: [PATCH 09/27] Add Akamai products --- data/cisagov_A.yml | 99 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 82 insertions(+), 17 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index b40044e..44d521a 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2326,7 +2326,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai - product: SIEM Splunk Connector + product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false 
@@ -2335,10 +2335,71 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<1.7.4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, + CVE-2021-45046 and CVE-2021-45105. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.4.10' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
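Review bot: The `SIEM Integration Connector` record in `@@ -2335,10 +2335,71 @@` has notes saying the product is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, but only `cve-2021-44228` is marked `investigated: true`. The other two keep `investigated: false` with empty lists, so anyone filtering on the structured fields will miss them. The value `fixed_versions: - '<1.7.4'` also reads as a range of releases below 1.7.4, which looks like the affected range rather than the fixed one; this should be checked against the vendor page and, if so, moved to `affected_versions`. The `Enterprise Application Access (EAA) Connector` record in the same hunk cites the SIEM CEF connector release notes as its only source, which may not cover that product.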
@@ -2350,13 +2411,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Alcatel - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2385,7 +2447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alertus - product: '' + product: Console cves: cve-2021-4104: investigated: false @@ -2393,9 +2455,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '5.15.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2414,7 +2477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alexion - product: '' + product: Alexion CRM cves: cve-2021-4104: investigated: false @@ -2422,10 +2485,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2443,7 +2507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alfresco - product: '' + product: Alfresco cves: cve-2021-4104: investigated: false 
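Review bot: The new notes in `@@ -2350,13 +2411,14 @@` say the Splunk connector "is not vulnerable to CVE-2021-44228", but the preceding hunk gives the same record `fixed_versions: - '< 1.4.10'`, so the two fields now contradict each other. This hunk also drops the earlier guidance that v1.4.11 is the recommended release and swaps the Splunkbase link for the CEF connector release notes. If the vendor's position is "not vulnerable", the version belongs under `unaffected_versions`; otherwise the upgrade recommendation should stay in `notes`. The record begins outside this hunk.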
@@ -2451,10 +2515,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2472,7 +2537,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AlienVault - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2524,7 +2589,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' From 187211e4fe1703fa6924b2ac27fee580e49bf4b6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:38:44 -0500 Subject: [PATCH 10/27] Add Alphatron Medical products --- data/cisagov_A.yml | 94 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 44d521a..debfcef 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -2566,7 +2566,68 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical - product: '' + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX cves: cve-2021-4104: investigated: false 
@@ -2574,10 +2635,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 3c44eb98cf3dd0bbaa272c0f6566185d2519e901 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 10:22:54 -0500 Subject: [PATCH 11/27] Add/update Amazon products --- data/cisagov_A.yml | 2149 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 2023 insertions(+), 126 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index debfcef..01fd074 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -2686,6 +2686,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. + Actively monitoring this issue, and are working on addressing it for + any AMS services which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: Athena cves: 
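Review bot: The `Amazon` / `AMS` record in `@@ -2686,6 +2686,68 @@` is filed under `fixed_versions: - ''`, while its notes read "Work in progress, portion of customers may still be vulnerable." A consumer reading only the structured fields would treat AMS as remediated. Until the vendor bulletin confirms the fix, the empty-version marker would be better placed under `affected_versions`, with the notes kept as they are. The new records in this hunk also reuse older `last_updated` values (`2022-01-12` and `2021-12-20`) although they were added on 11 Feb 2022.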
@@ -2695,10 +2757,1816 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: Amazon Linux 1 had aws apitools which were Java based but these + were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). 
+ AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
+ references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 3.4.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: 
CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions. 
+ references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. 
+ references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue 
in JVM layer will be available as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) + and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x + and 1.11.x, an update for the Stream Manager feature is included in Greengrass + patch versions 1.10.5 and 1.11.5. 
+ references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; + OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). 
+ references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. 
+ references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS RDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora 
have been updated to mitigate the issues identified + in CVE-2021-44228. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. 
+ references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + 
last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate + the issues identified in CVE-2021-44228 and CVE-2021-45046. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + 
last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only + if customers applications use affected versions of Apache Log4j. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. 
+ references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon + ECR Public are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. 
+ references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only + if affected EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + 
unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: 
[] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. + AWS Lake Formation service hosts are being updated to the latest version of Log4j. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2716,7 +4584,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS + product: Linux (AL1) cves: cve-2021-4104: investigated: false @@ -2728,8 +4596,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2740,16 +4607,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS API Gateway + product: Linux (AL2) cves: cve-2021-4104: investigated: false @@ -2760,7 +4625,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
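Review bot: The `last_updated` change in the `@@ -2740,16 +4607,14 @@` hunk replaces `'2021-12-15T00:00:00'` with `'2022-01-12T07:18:50+00:00'`, which looks like a copied constant rather than the time of the edit: the same value sits on many untouched entries and predates this February 2022 patch series. The same substitution recurs in later hunks on this page, for example `@@ -2774,12 +4639,14 @@` and `@@ -2834,14 +4701,12 @@`. Anyone using `last_updated` to decide which vendor statements to re-check loses the original per-entry date and gets no record of the real edit. I would keep the original date where the findings did not change, and otherwise write the actual edit time, e.g. `last_updated: '<ISO-8601 time of this edit, with offset>'` (placeholder).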
@@ -2774,12 +4639,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent + which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate + the Log4j issue in JVM layer is available. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS CloudHSM + product: Lookout for Equipment cves: cve-2021-4104: investigated: false @@ -2788,9 +4655,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2803,13 +4670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Connect + product: Macie cves: cve-2021-4104: investigated: false @@ -2820,7 +4687,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2834,14 +4701,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS DynamoDB + product: Macie Classic cves: cve-2021-4104: investigated: false 
@@ -2852,7 +4717,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2869,9 +4734,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS EKS, ECS, Fargate + product: Managed Workflows for Apache Airflow (MWAA) cves: cve-2021-4104: investigated: false @@ -2880,9 +4745,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2896,18 +4761,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS ElastiCache + product: MemoryDB for Redis cves: cve-2021-4104: investigated: false @@ -2918,7 +4777,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2935,9 +4794,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS ELB + product: Monitron cves: cve-2021-4104: investigated: false @@ -2948,7 +4807,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2965,9 +4824,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Inspector + product: MQ cves: cve-2021-4104: investigated: false @@ -2978,7 +4837,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2995,9 +4854,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Kinesis Data Stream + product: Neptune cves: cve-2021-4104: investigated: false @@ -3006,9 +4865,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3022,16 +4881,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Lambda + product: NICE cves: cve-2021-4104: investigated: false @@ -3040,9 +4895,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3055,13 +4910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Lambda + product: OpenSearch cves: cve-2021-4104: investigated: false @@ -3070,9 +4925,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'R20211203-P2' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3086,12 +4941,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ - notes: '' + notes: Update released, customers need to update their clusters to the fixed release. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS RDS + product: Pinpoint cves: cve-2021-4104: investigated: false @@ -3102,7 +4957,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3116,13 +4971,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS S3 + product: RDS Aurora cves: cve-2021-4104: investigated: false @@ -3133,7 +4987,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3150,9 +5004,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SNS + product: RDS for Oracle cves: cve-2021-4104: investigated: false @@ -3163,7 +5017,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3177,14 +5031,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SQS + product: Redshift cves: cve-2021-4104: investigated: false @@ -3195,7 +5047,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3212,9 +5064,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: CloudFront + product: Rekognition cves: cve-2021-4104: investigated: false @@ -3222,9 +5074,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3243,7 +5096,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: CloudWatch + product: Route 53 cves: cve-2021-4104: investigated: false @@ -3251,9 +5104,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3272,7 +5126,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: EC2 + product: SageMaker cves: cve-2021-4104: investigated: false 
@@ -3282,9 +5136,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3297,12 +5151,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). + Vulnerable only if customers applications use affected versions of Apache Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: ELB + product: Simple Notification Service (SNS) cves: cve-2021-4104: investigated: false @@ -3310,9 +5165,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3326,12 +5182,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: KMS + product: Simple Queue Service (SQS) cves: cve-2021-4104: investigated: false @@ -3339,9 +5197,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3360,7 +5219,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: OpenSearch + product: Simple Workflow Service (SWF) cves: cve-2021-4104: investigated: false @@ -3369,9 +5228,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3384,13 +5243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: RDS + product: Single Sign-On cves: cve-2021-4104: investigated: false @@ -3398,9 +5257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3419,7 +5279,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: Route 53 + product: Step Functions cves: cve-2021-4104: investigated: false @@ -3427,9 +5287,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3448,7 +5309,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: S3 + product: Timestream cves: cve-2021-4104: investigated: false @@ -3456,9 +5317,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3485,10 +5347,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3514,10 +5377,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3530,7 +5424,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Not affected with default configurations. WorkDocs Sync client + versions 1.2.895.1 and older within Windows WorkSpaces, which contain + the Log4j component, are vulnerable; For update instruction, see source for more info. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3543,10 +5439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
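Review bot: The `notes` text added in the `@@ -3530,7 +5424,9 @@` hunk names a vulnerable range (`WorkDocs Sync client versions 1.2.895.1 and older`), but the structured fields for the same entry disagree. Those fields were added in the preceding `@@ -3514,10 +5377,41 @@` hunk and say `affected_versions: []` with `fixed_versions: - ''`. A consumer that reads only the version lists will report WorkSpaces/AppStream 2.0 as fixed and never surface the client that still needs updating. I would carry the range into the record as well, e.g. `affected_versions:` with `- 'WorkDocs Sync client <= 1.2.895.1'`, and keep the note as the explanation. The entry starts in the previous hunk, so only its tail is visible here.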
@@ -3565,7 +5462,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Anaconda - product: Anaconda + product: All cves: cve-2021-4104: investigated: false @@ -3577,7 +5474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - '4.10.3' cve-2021-45046: investigated: false affected_versions: [] From cdfc36a230abf150888f6f37ef7b727b32c52103 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 10:37:10 -0500 Subject: [PATCH 12/27] Fix whitespace issue --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 01fd074..e8c15ba 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -4398,7 +4398,7 @@ software: vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Applying updates as required, portion of customers may still be vulnerable. - Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5456,7 +5456,7 @@ software: unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing + notes: Currently, no AMD products have been identified as affected. AMD is continuing its analysis. references: - '' From b75b3e94b347005421c17c208689eee295a5e6d0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:27:10 -0500 Subject: [PATCH 13/27] Add/update Apache products --- data/cisagov_A.yml | 897 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 826 insertions(+), 71 deletions(-) 
diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index e8c15ba..45bfed1 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5491,6 +5491,36 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: Apache product: ActiveMQ Artemis cves: @@ -5535,10 +5565,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.2.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -5550,8 +5611,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5565,11 +5626,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5599,10 +5659,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5658,10 +5719,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5687,8 +5749,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5717,10 +5780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5738,7 +5802,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: CamelKafka Connector + product: Camel Kafka Connector cves: cve-2021-4104: investigated: false 
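Review bot: In the `@@ -5565,11 +5626,10 @@` hunk the record drops two listed affected versions (`3.14.1.3.11.5`, `3.7.7`) and becomes `unaffected_versions: - ''` with no version and no explanation. The product name, vendor link and notes are outside the hunk, so the reversal cannot be checked from here. A change from affected to unaffected should state its source in `notes`, for example `notes: Not affected per the vendor advisory in vendor_links.` if that is what the advisory says. If the claim covers every release, `- 'All'` (as used for Cassandra in this commit) is clearer than an empty string.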
@@ -5746,10 +5810,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -5761,7 +5856,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr notes: '' references: - '' @@ -5776,9 +5871,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '0.22.1' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -5796,6 +5891,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Flink cves: @@ -5808,7 +5933,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.14.2 + - 1.15.0 + - 1.14.2 - 1.13.5 - 1.12.7 - 1.11.6 @@ -5825,16 +5951,16 @@ software: unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' - vendor: Apache - product: Kafka + product: Fortress cves: cve-2021-4104: investigated: false 
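Review bot: `fixed_versions: - 'All'` on the new Dubbo record names no release, so a reader cannot tell which build carries the fix or whether older builds remain exposed. If the linked vendor issue says Dubbo never shipped a vulnerable Log4j, the value belongs under `unaffected_versions`. If it names patched releases, list those version strings instead. Either way, a short `notes` line saying which case applies would let consumers act on the record without opening the issue.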
@@ -5844,9 +5970,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '< 2.0.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.14.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5858,14 +6014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Kafka + product: Guacamole cves: cve-2021-4104: investigated: false 
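Review bot: The new Fortress record puts a range of vulnerable releases, `'< 2.0.7'`, under `fixed_versions`, while its own `notes` say `Fixed in 2.0.7.` Anyone filtering on `fixed_versions` will read every release below 2.0.7 as patched. The range should move to `affected_versions` as `- '< 2.0.7'`, with `fixed_versions` holding `- '2.0.7'`. The same pattern appears later in this commit for Jena (`'< 4.3.1'`), OFBiz (`'< 18.12.03'`), Ozone (`'< 1.2.1'`) and SkyWalking (`'< 8.9.1'`).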
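Review bot: The Geode `notes` line added in the `@@ -5858,14 +6014,13 @@` hunk, `Fixed in 1.12.6, 1.13.5, 1.14.1.`, disagrees with the `fixed_versions` entry `- '1.14.0'` that the preceding hunk adds for the same record. One of the two is wrong, and a consumer reading only the structured field would treat 1.14.0 as patched. Check both against the linked advisory. If the note is correct, `fixed_versions` should list `'1.12.6'`, `'1.13.5'` and `'1.14.1'`. The Geode record begins in the previous hunk.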
@@ -5874,10 +6029,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5889,13 +6074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Log4j + product: HBase cves: cve-2021-4104: investigated: false @@ -5905,7 +6090,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.15.0 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5919,13 +6104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Solr + product: Hive cves: cve-2021-4104: investigated: false 
@@ -5936,8 +6121,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + - '4.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5950,13 +6134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Struts 2 + product: James cves: cve-2021-4104: investigated: false @@ -5964,9 +6148,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Versions before 2.5.28.1 + - '3.6.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5980,16 +6164,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Tomcat + product: Jena cves: cve-2021-4104: investigated: false 
@@ -5997,10 +6178,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - 9.0.x - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '< 4.3.1' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -6013,19 +6194,593 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.11.1' + unaffected_versions: 
[] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.17.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 18.12.03' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.2.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 8.9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7.4.0 to 7.7.3' + - '8.0.0 to 8.11.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. 
+ references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.5.28' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). + references: + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.7.3' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.0.0 and up' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. 
+ Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: APC by Schneider Electric product: Powerchute Business Edition cves: From e4f9401d3cbb2cb2d82b362e7173a32db1ff598b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:46:40 -0500 Subject: [PATCH 14/27] Update various A products --- data/cisagov_A.yml | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 45bfed1..dfba695 100644 --- a/data/cisagov_A.yml 
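Review bot: The Log4j 2.x record lists `- '2.17.1'` under `affected_versions`, but its `notes` say `Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6).` As written, the database reports the remediated release as the vulnerable one, in the entry most consumers will look up first. `'2.17.1'`, `'2.12.4'` and `'2.3.2'` belong under `fixed_versions`, with the affected range taken from the linked security page. Two other records in this hunk contradict their own fields: NiFi has `unaffected_versions: - 'All'` alongside `notes: Fixed in 1.15.1, 1.16.0.`, and Ozone repeats that same sentence. The Tomcat record keeps `investigated: false` while gaining `unaffected_versions: - ''`.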
+++ b/data/cisagov_A.yml @@ -6793,11 +6793,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 + - 'v9.5' + - 'v10.0.1' + - 'v10.0.2' + - 'v10.0.3' + - 'v10.0.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6830,7 +6830,7 @@ software: - '4.2' - '4.3' - '4.4' - - 4.4.1 + - '4.4.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6858,9 +6858,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '6.3.x' + - '6.4.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6874,7 +6875,7 @@ software: unaffected_versions: [] vendor_links: - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + notes: Other versions still in active maintainance might need manual inspection. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -6888,10 +6889,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 9.10' + - '< 10.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6910,7 +6911,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee - product: '' + product: Edge and OPDK products cves: cve-2021-4104: investigated: false @@ -6918,10 +6919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -6939,7 +6941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apollo - product: '' + product: All cves: cve-2021-4104: investigated: false 
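Review bot: In the `@@ -6858,9 +6858,10 @@` hunk, moving `6.3.x & 6.4.x` out of `affected_versions` and into `fixed_versions` as `'6.3.x'` and `'6.4.x'` marks whole release branches as patched. A branch wildcard cannot identify the build that carries the fix, so operators on an early 6.3 or 6.4 build would read themselves as safe. Keep the branches under `affected_versions` and list the exact patched releases from the linked vendor post under `fixed_versions`. The `'< 9.10'` and `'< 10.6'` entries in the `@@ -6888,10 +6889,10 @@` hunk have the same problem: they are vulnerable ranges, not fixed versions. The added note should also read `maintenance`, not `maintainance`.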
@@ -6968,7 +6970,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appdynamics - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7020,13 +7022,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: AppGate - product: '' + product: All cves: cve-2021-4104: investigated: false From 1ea05f0f150f7019c6945bc1619a96ce1d1d5566 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:49:49 -0500 Subject: [PATCH 15/27] Fix indentation errors --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index dfba695..06e0e28 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -6891,8 +6891,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 9.10' - - '< 10.6' + - '< 9.10' + - '< 10.6' unaffected_versions: [] cve-2021-45046: investigated: false From c8fdefcab20994bf58a552eaee845558798dfd60 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 12:44:09 -0500 Subject: [PATCH 16/27] Add Arista products --- data/cisagov_A.yml | 185 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 140 insertions(+), 45 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 06e0e28..e348ea5 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -7096,39 +7096,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7146,7 +7118,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: APPSHEET - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7175,7 +7147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aptible - product: Aptible + product: All cves: cve-2021-4104: investigated: false @@ -7184,9 +7156,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Search 5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -7205,7 +7177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7242,10 +7214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
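Review bot: After the `@@ -7096,39 +7096,11 @@` hunk, the surviving cve-2021-44228 block has `investigated: false` next to `unaffected_versions: - ''`. Other records in this series that record a status set `investigated: true`, so a consumer that skips uninvestigated entries would drop this one. Either set `investigated: true` or leave the list as `[]`. The hunk also removes the `product: DBMarlin` header while keeping part of that record's body, so which product the merged record describes depends on lines above the hunk. It is worth confirming that the deleted record was a duplicate and not a distinct product.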
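Review bot: In the `@@ -7184,9 +7156,9 @@` hunk, the new value `- Search 5.x` looks like a truncated copy of the removed `- ElasticSearch 5.x`. The entry also moves from `affected_versions` to `fixed_versions`, so the record now says a component called "Search 5.x" is fixed, which matches nothing else visible in the hunk. If the intent is that the vendor remediated its ElasticSearch 5.x offering, restore the full name as `- 'ElasticSearch 5.x'` and say in `notes` what was done. Quoting the value would also match the other version strings in this series.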
@@ -7292,7 +7265,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7561,7 +7534,7 @@ software: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: ArcticWolf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7590,7 +7563,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arduino - product: '' + product: IDE cves: cve-2021-4104: investigated: false @@ -7598,9 +7571,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.8.17' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7619,7 +7593,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ariba - product: '' + product: All cves: cve-2021-4104: investigated: false 
@@ -7648,7 +7622,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista - product: '' + product: Analytics Node for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -7656,10 +7660,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Portal + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>2019.1.0' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -7676,6 +7711,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>8.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>5.3.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: '' cves: From 0e96602b61062cecbb16b43fce7419b5e80e8a15 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 12:58:04 -0500 Subject: [PATCH 17/27] Add Aruba Networks products --- data/cisagov_A.yml | 729 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 725 insertions(+), 4 deletions(-) 
diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml
index e348ea5..2a38f3e 100644
--- a/data/cisagov_A.yml
+++ b/data/cisagov_A.yml
@@ -7772,7 +7772,457 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: '' + product: AirWave Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + 
vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-S Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] 
+ unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central On-Prem + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ClearPass Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: EdgeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: HP ProCurve Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: 
false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false 
@@ -7780,10 +8230,281 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Versions 2.5.0.0 to 2.5.0.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy GMS Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy NX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX + cves: + 
cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: NetEdit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric 
Manager (CFM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - 
vendor: Aruba Networks + product: VIA Clients + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7795,13 +8516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ataccama - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7830,7 +8551,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atera - product: '' + product: All cves: cve-2021-4104: investigated: false From 77774d0c8d23382a5165f559e35167eeb2530237 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 13:27:35 -0500 Subject: [PATCH 18/27] Add Atlassian products --- data/cisagov_A.yml | 292 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 265 insertions(+), 27 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 2a38f3e..aa87a2e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -8589,10 +8589,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On Prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
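Review bot: The `IntroSpect` entry added in hunk -7780 puts a release range, `'Versions 2.5.0.0 to 2.5.0.6'`, under `fixed_versions`, which a consumer will read as "these releases contain the fix". If ARUBA-PSA-2021-019 lists 2.5.0.0 to 2.5.0.6 as the vulnerable releases, the range belongs under `affected_versions` and `fixed_versions` should name the first remediated release; otherwise hosts on those builds get marked as patched. `Legacy GMS Products` and `Silver Peak Orchestrator` in the same hunk carry `fixed_versions: - ''`, so no fixed release is recorded for them either. All three are worth re-checking against the linked advisory.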
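Review bot: The deployment label is spelled `'On Prem'` in hunk -8589 but `'On prem'` or unquoted `On prem` in the later Atlassian hunks of this commit (-8620, -8643, -8685, -8713, -8744, -8775). Anything that groups or filters on the string will get two buckets for the same status; pick one spelling and quoting, e.g. `- 'On prem'`. The value is a deployment model rather than a version, so the affected release range is still not captured. The entry's product line is above the hunk.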
@@ -8605,8 +8605,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -8620,9 +8619,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'On prem' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -8643,6 +8642,66 @@ software: last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence Server & Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'On prem' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v1.7.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -8654,7 +8713,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] 
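Review bot: The `Confluence-CIS …` products added under `vendor: Atlassian` in hunk -8643 (`Confluence-CIS CSAT Pro`, `Confluence-CIS WorkBench`) look like Center for Internet Security tools rather than Atlassian products, and hunks -8667 and -8685 add more of them (`Confluence-CIS-CAT Lite`, the `Pro Assessor` variants, `Pro Dashboard`, `Confluence-CIS-Hosted CSAT`). Each entry links to the Atlassian Log4j advisory in `vendor_links`, which would not be the source for the listed versions such as `'v1.7.1'` or `'v4.13.0'` if these are CIS products. If that is what happened, the rows need their own vendor key, product names without the `Confluence-` prefix (e.g. `product: CIS-CAT Lite`), and the CIS advisory as the link. As written, a defender filtering on vendor would miss them or attribute exposure to the wrong software.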
@@ -8667,13 +8726,132 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Crowd Server & Data Center + product: Confluence-CIS-CAT Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v4.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v3.0.77' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + 
last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v4.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v1.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false 
@@ -8685,7 +8863,67 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-Hosted CSAT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Crowd Server & Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - On prem + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8713,10 +8951,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -8744,10 +8982,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8775,10 +9013,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8796,8 +9034,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -8858,7 +9096,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8887,7 +9125,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8923,7 +9161,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Automox - product: '' + product: All cves: cve-2021-4104: investigated: false From 78bcca16e5d53ccb2336efb429ae7d4671644750 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 13:40:35 -0500 Subject: [PATCH 19/27] Update various A products --- data/cisagov_A.yml | 131 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 112 insertions(+), 19 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index aa87a2e..567c860 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml 
@@ -9160,6 +9160,97 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Automation Anywhere + product: Automation 360 Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.x' + - '<11.3x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automox product: All cves: @@ -9190,7 +9281,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9219,7 +9310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9248,7 +9339,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9421,8 +9512,8 @@ software: affected_versions: - '8' - '8.1' - - 8.1.4 - - 8.1.5 + - '8.1.4' + - '8.1.5' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10209,7 +10300,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10238,7 +10329,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false 
@@ -10246,10 +10337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10262,12 +10354,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10295,8 +10387,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -10304,10 +10396,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10319,13 +10412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10354,7 +10447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10383,7 +10476,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false From f4856ebddc5522e2b07664f13fc5347a65a8e5d9 Mon Sep 17 00:00:00 2001 
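Review bot: The hunk at `@@ -10295,8 +10387,8 @@` turns the existing `AWS New` record into `AXIS` / `OS` in place, and the hunk at `@@ -10319,7 +10412,13 @@` swaps the AWS security bulletin link for `https://help.axis.com/axis-os`, which looks like a general product page rather than a Log4j statement. The `unaffected_versions: - All` claim for CVE-2021-44228 therefore has no advisory a reader can check; link the vendor's Log4j notice, or say in `notes` where the statement comes from. Whether the AWS bulletin is still covered by another entry cannot be seen from this patch, so it is worth confirming that the AWS-2021-006 reference was not lost.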
From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 14:03:21 -0500 Subject: [PATCH 20/27] Update Avaya products --- data/cisagov_A.yml | 171 +++++++++++++++++++-------------------------- 1 file changed, 72 insertions(+), 99 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 567c860..22dcda9 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -9410,8 +9410,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9434,7 +9435,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -9444,8 +9445,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.1.3.2 - - 8.1.3.3 + - '8.1.3.2' + - '8.1.3.3' - '10.1' fixed_versions: [] unaffected_versions: [] @@ -9466,7 +9467,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -9476,11 +9477,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 + - '7.0.2' + - '7.0.3' - '7.1' - - 7.1.1 - - 7.1.2 + - '7.1.1' + - '7.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9500,7 +9501,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -9511,7 +9512,10 @@ software: investigated: true affected_versions: - '8' + - '8.0.1' + - '8.0.2' - '8.1' + - '8.1.3' - '8.1.4' - '8.1.5' fixed_versions: [] 
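Review bot: The hunk at `@@ -9410,8 +9410,9 @@` flips CVE-2021-44228 to `investigated: true` and records `affected_versions: - ''`, an empty string, so the entry says affected without naming any release; `@@ -9998,8 +9970,9 @@` does the same. The entry header and `notes` are outside both hunks, so I cannot tell whether the scope is explained there. If the vendor gives no versions, a short note such as `notes: Vendor lists product as affected; no versions given.` would tell readers that the blank is deliberate and not a data-entry gap.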
@@ -9533,7 +9537,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -9543,41 +9547,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Media Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.0 - - 8.0.1 - - 8.0.2 + - '8.0.0' + - '8.0.1' + - '8.0.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9597,7 +9569,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -9608,15 +9580,15 @@ software: investigated: true affected_versions: - '10.1' - - 7.1.2 + - '7.1.2' - '8' - - 8.0.1 - - 8.0.2 + - '8.0.1' + - '8.0.2' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 - - 8.1.4 + - '8.1.1' + - '8.1.2' + - '8.1.3' + - '8.1.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9636,7 +9608,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false 
@@ -9647,13 +9619,13 @@ software: investigated: true affected_versions: - '10.1' - - 7.1.3 + - '7.1.3' - '8' - - 8.0.1 + - '8.0.1' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 + - '8.1.1' + - '8.1.2' + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9673,7 +9645,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -9684,7 +9656,7 @@ software: investigated: true affected_versions: - '10.1' - - 8.1.3 + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9704,7 +9676,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -9714,11 +9686,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.11[P] - - 3.8.1[P] - - 3.8[P] - - 3.9.1 [P] - - 3.9[P] + - '3.11[P]' + - '3.8.1[P]' + - '3.8[P]' + - '3.9.1[P]' + - '3.9[P]' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9738,7 +9710,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -9750,7 +9722,7 @@ software: affected_versions: - '3.7' - '3.8' - - 3.8.1 + - '3.8.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9780,11 +9752,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 + - '7.0.2' + - '7.0.3' - '7.1' - - 7.1.1 - - 7.1.2 + - '7.1.1' + - '7.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9844,7 +9816,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.22 + - '3.1.22' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -9874,9 +9846,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.1.10 - - 9.1.11 - - 9.1.12 + - '9.1.10' + - '9.1.11' + - '9.1.12' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9896,7 +9868,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -9966,11 +9938,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 + - '8.0.1' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 + - '8.1.1' + - '8.1.2' + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9998,8 +9970,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10093,7 +10066,7 @@ software: investigated: true affected_versions: - '5' - - 5.0.1 + - '5.0.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10123,8 +10096,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.0.2 - - 9.0.2.1 + - '9.0.2' + - '9.0.2.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10174,7 +10147,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -10184,7 +10157,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.1.2 + - '9.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10214,7 +10187,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.3.9 + - '7.3.9' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -10234,7 +10207,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -10244,10 +10217,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 11.0.4 + - '11.0.4' - '11.1' - - 11.1.1 - - 11.1.2 + - '11.1.1' + - '11.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10277,10 +10250,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.2 - - 3.1.3 + - '3.1.2' + - '3.1.3' - '4' - - 4.0.1 + - '4.0.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From 461750059b73356e1f7a14b6b570c0ad3193464e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 11 Feb 2022 19:11:34 +0000 Subject: [PATCH 21/27] Update the software list --- SOFTWARE-LIST.md | 437 ++- data/cisagov.yml | 7110 ++++++++++++++++++++++++++++++++++++++------ data/cisagov_A.yml | 524 ++-- 3 files changed, 6833 insertions(+), 1238 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5514bf7..61321b9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -29,107 +29,246 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | B&R Products | See Vendor Advisory | | Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Abbott | | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Abnormal Security | Abnormal Security | | | Unknown | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellence | | | | Unknown | 
[link](https://www.accellence.de/en/articles/national-vulnerability-database-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Acquia | | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Acronis | | | | Unknown | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ActiveState | | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adaptec | | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Addigy | | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | AlarmInsight Cloud | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | B&R Products | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | Remote Service | | | Fixed | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Abbott | All | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Details are shared with customers with an active RAP subscription. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abbott | GLP Track System | Track Sample Manager (TSM), Track Workflow Manager (TWM) | | Affected | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Abbott will provide a fix for this in a future update expected in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abnormal Security | All | | | Not Affected | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | EBÜS | | All | Fixed | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | Vimacc | | | Not Affected | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Accruent | Analytics | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Asset Enterprise | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | BigCenter | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | EMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Evoco | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Expesite | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Famis 360 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Lucernex | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Maintenance Connection | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Meridian | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Single Sign On (SSO, Central Auth) | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM3 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM4 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Siterra | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | TMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxField | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxMaintain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxObserve | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxSustain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acquia | All | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Files | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber 
Infrastructure | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protection Home Office | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | DeviceLock DLP | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Files Connect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | MassTransit | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Snap Deploy | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ActiveState | All | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | 360 | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Agents | | | Not Affected | 
[link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Application | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - ASP.NET | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - NodeJS | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - PHP | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST-Java | | All | Fixed | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | AcuSensor IAST module needs attention. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adaptec | All | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Addigy | All | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Connect | | 3.3, 3.4, 3.5 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Suite | | 6.9.9, 6.9.10, 6.9.11 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Automated Forms Conversion Service | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | ColdFusion | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.3 Forms on JEE | | All versions from 6.3 GA to 6.3.3 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms Designer | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms on JEE | | All versions from 6.4 GA to 6.4.8 | Fixed | 
[link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms Designer | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms on JEE | | All versions from 6.5 GA to 6.5.11 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms on OSGi | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms Workbench | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ADP | All | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | -| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | 
[link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AFAS Software | | | | Unknown | [link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Not Affected | 
[link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | AFHCAN Global LLC | AFHCANcart | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANmobile | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANServer | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANsuite | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANupdate | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANweb | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Agilysys | | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Akamai | SIEM Splunk Connector | All | | Affected | [link](https://splunkbase.splunk.com/app/4310/) | v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Alcatel | | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alertus | | | | Unknown | 
[link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alexion | | | | Unknown | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alfresco | | | | Unknown | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AlienVault | | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alphatron Medical | | | | Unknown | [link](https://www.alphatronmedical.com/home.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Athena | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS | | | Not Affected | | Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | AWS API Gateway | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Amazon | AWS CloudHSM | < 3.4.1. 
| | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Connect | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | -| Amazon | AWS DynamoDB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS EKS, ECS, Fargate | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. 
These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS ElastiCache | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS ELB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS Inspector | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS Kinesis Data Stream | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. 
For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS RDS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS S3 | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SNS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. 
We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SQS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | CloudFront | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | CloudWatch | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | EC2 | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | ELB | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | KMS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | OpenSearch | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | RDS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Route 53 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | S3 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Translate | | | Unknown | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | VPC | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AMD | All | | | Unknown | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Anaconda | Anaconda | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Agilysys | All | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Mobile | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Other products | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | PRD | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AIL | All | | | Not Affected | [link](https://twitter.com/ail_project/status/1470373644279119875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) 
| 2022-01-12 | +| Akamai | Enterprise Application Access (EAA) Connector | | | Not Affected | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Integration Connector | | <1.7.4 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Splunk Connector | | < 1.4.10 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Alcatel | All | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alertus | Console | | 5.15.0 | Fixed | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alexion | Alexion CRM | | | Not Affected | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alfresco | Alfresco | | | Not Affected | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AlienVault | All | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | AmiSconnect | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Custo Diagnostics | 5.4, 5.6 | | Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | JiveX | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Zorgbericht | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | API Gateway | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena JDBC Driver | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | All versions vended to customers were not affected. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS | | | Not Affected | | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS AppFlow | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS AppSync | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager Private CA | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS CloudHSM | | < 3.4.1 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodeBuild | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodePipeline | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Connect | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS Directory Service | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS DynamoDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ECS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS EKS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Elastic Beanstalk | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Default configuration of applications usage of Log4j versions is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ElastiCache | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ELB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Fargate | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Glue | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Greengrass | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS IoT SiteWise Edge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS Kinesis Data Streams | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS KMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Lambda | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Vulnerable when using aws-lambda-java-log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Polly | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS QuickSight | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS RDS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS S3 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SDK | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Secrets Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Service Catalog | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS SNS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SQS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager Agent | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Textract | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Chime | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cloud Directory | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudFront | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudWatch | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cognito | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Corretto | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | DocumentDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EC2 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | ECR Public | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Elastic Load Balancing | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | EMR | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EventBridge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Fraud Detector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kafka (MSK) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kendra | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Keyspaces (for Apache Cassandra) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis Data Analytics | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lake Formation | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lex | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL1) | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL2) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lookout for Equipment | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Managed Workflows for Apache Airflow (MWAA) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MemoryDB for Redis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Monitron | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MQ | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Neptune | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | NICE | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Recommended to update EnginFrame or Log4j library. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | OpenSearch | | R20211203-P2 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Update released, customers need to update their clusters to the fixed release. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Pinpoint | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS Aurora | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS for Oracle | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Redshift | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Rekognition | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Route 53 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | SageMaker | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Notification Service (SNS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Queue Service (SQS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Workflow Service (SWF) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Single Sign-On | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Step Functions | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Timestream | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Translate | | | Not Affected | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | VPC | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | WorkSpaces/AppStream 2.0 | | | Fixed | 
[link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AMD | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Anaconda | All | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| AOMEI | All | | | Not Affected | [link](https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Airflow | | | Unknown | [link](https://github.com/apache/airflow/tree/main/airflow) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Camel | 3.14.1.3.11.5, 3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel 2 | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Airflow | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Archiva | | 2.2.6 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.2.6. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Camel | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel 2 | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel K | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Karaf | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Quarkus | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | CamelKafka Connector | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Druid | < druid 0.22.0 | | Affected | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Flink | | < 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. 
| [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Apache | Kafka | Unknown | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Only vulnerable in certain configuration(s) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Log4j | < 2.15.0 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Solr | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Apache | Struts 2 | Versions before 2.5.28.1 | | Affected | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Tomcat | 9.0.x | | Affected | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. 
Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Camel K | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Kafka Connector | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Karaf | | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Quarkus | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Cassandra | | | Not Affected | [link](https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Druid | | 0.22.1 | Fixed | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Dubbo | | All | Fixed | [link](https://github.com/apache/dubbo/issues/9380) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Flink | | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Fortress | | < 2.0.7 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.0.7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Geode | | 1.14.0 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.12.6, 1.13.5, 1.14.1. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Guacamole | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hadoop | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | HBase | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hive | | 4.x | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | James | 3.6.0 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Jena | | < 4.3.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JMeter | All | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JSPWiki | | 2.11.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | Uses Log4j 1.2.17. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Log4j 1.x | | | Not Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Log4j 2.x | 2.17.1 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Maven | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | NiFi | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | OFBiz | | < 18.12.03 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Ozone | | < 1.2.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SkyWalking | | < 8.9.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SOLR | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. 
| [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Apache | Spark | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Uses log4j 1.x | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts | 2.5.28 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts 2 | | Versions before 2.5.28.1 | Fixed | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Tapestry | 5.7.3 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tika | 2.0.0 and up | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tomcat | | | Unknown | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. 
Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | TrafficControl | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | ZooKeeper | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Apereo | CAS | 6.3.x & 6.4.x | | Affected | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apereo | Opencast | < 9.10, < 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apigee | | | | Unknown | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apollo | | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appdynamics | | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| AppGate | | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | CAS | | 6.3.x, 6.4.x | Fixed | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | Other versions still in active maintainance might need manual inspection. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | Opencast | | < 9.10, < 10.6 | Fixed | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apigee | Edge and OPDK products | | | Not Affected | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apollo | All | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appdynamics | All | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | [link](https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| AppGate | All | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Appian | Appian Platform | | All | Fixed | [link](https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Application Performance Ltd | DBMarlin | Not Affected | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Application Performance Ltd | DBMarlin | | | Unknown | [link](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| APPSHEET | | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| APPSHEET | All | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aptible | All | | Search 5.x | Fixed | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aqua Security | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arbiter Systems | All | | | Not Affected | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | -| Arca Noae | | | | 
Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arca Noae | All | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Email Archiving | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | 
@@ -138,64 +277,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Arcserve | ShadowXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Solo | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | StorageCraft OneXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | 
[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ArcticWolf | | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arduino | | | | Unknown | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ariba | | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arista | | | | Unknown | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aruba Networks | | | | Unknown | [link](https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ataccama | | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atera | | | | Unknown | 
[link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bamboo Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bitbucket Server & Data Center | All | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Confluence Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crowd Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crucible | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ArcticWolf | All | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arduino | IDE | | 1.8.17 | Fixed | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ariba | All | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for Converged Cloud Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for DANZ Monitoring Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Monitoring Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Portal | >2019.1.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Wi-Fi, virtual or physical appliance | >8.8 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| 
Arista | Embedded Analytics for Converged Cloud Fabric | >5.3.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | AirWave Management Platform | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Analytics and Location Engine | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS SD-WAN Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-CX Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-S Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central On-Prem | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 
2022-01-12 | +| Aruba Networks | ClearPass Policy Manager | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | EdgeConnect | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Fabric Composer (AFC) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | HP ProCurve Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant Access Points | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant On | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | IntroSpect | | Versions 2.5.0.0 to 2.5.0.6 | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy GMS Products | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy NX | | | Not Affected | 
[link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VRX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | NetEdit | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Plexxi Composable Fabric Manager (CFM) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Silver Peak Orchestrator | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | User Experience Insight (UXI) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | VIA Clients | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ataccama | All | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atera | All | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bamboo Server & Data Center | On Prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bitbucket Server & Data Center | | On prem | Fixed | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS WorkBench | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Dashboard | | | Not Affected 
| [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-Hosted CSAT | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crowd Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crucible | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Fisheye | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Jira Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Attivo Networks | All | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | -| AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. 
This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autopsy | | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Auvik | | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Avantra SYSLINK | | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AudioCodes | All | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autodesk | All | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Automation Anywhere | Automation 360 Cloud | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation 360 On Premise | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation Anywhere | | 11.x, <11.3x | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automox | All | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autopsy | All | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Auvik | All | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Avantra SYSLINK | All | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura for OneCloud Private | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Device Services | 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura for OneCloud Private | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. 
Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Breeze | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 
7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya OneCloud-Private-UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Social Media Hub | | | Unknown | 
[link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Social Media Hub | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Equinox™ Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Equinox Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Interaction Center | 7.3.9 | | Affected | 
[link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | IP Office Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AVEPOINT | | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AVM | | | | Unknown | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AvTech RoomAlert | | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AWS New | | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXON | | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXS Guard | | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Axways Applications | | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVEPOINT | All | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVM | All | | | Not Affected | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | devices, firmware, software incl. MyFritz Service. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AvTech RoomAlert | All | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXIS | OS | | | Not Affected | [link](https://help.axis.com/axis-os) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXON | All | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXS Guard | All | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Axways Applications | All | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 54e5782..7f791b8 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -186,7 +186,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -194,10 +194,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -209,13 +210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -224,10 +225,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -238,13 +239,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -252,10 +254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -267,13 +269,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -282,8 +285,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -297,13 +299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -311,8 +313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -327,12 +331,13 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -340,10 +345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -360,8 +366,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false 
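Review bot: The `notes` value added in the first hunk on this line (`@@ -297,13 +299,13 @@`) attaches "Details are shared with customers with an active RAP subscription." to the entry whose vendor link is the abbott.com page, and that text looks misplaced. RAP is the "ABB Remote Platform (RAP)" named in the lines this series removes from the ABB Remote Service entry. The entry starts outside the hunk; going by the preceding hunk it is Abbott / All, which keeps `investigated: false` for cve-2021-44228. I would leave `notes: ''` here and put the sentence on the ABB `Remote Service` entry instead. If data/cisagov.yml is generated from data/cisagov_A.yml, the correction belongs in that file.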
@@ -369,10 +375,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -384,7 +422,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' 
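Review bot: In the added Accellence Technologies / EBÜS entry (`@@ -369,10 +375,42 @@`), the cve-2021-44228 block lists `All` under `fixed_versions`, which disagrees with the entry's own `notes` saying EBÜS itself is not vulnerable. A consumer that reads only the version lists would classify the product as previously affected and now patched. If the vendor advisory supports the note, `fixed_versions: []` with `All` under `unaffected_versions` would match it; the bundled third-party setups stay as the caveat in `notes`. The note's second sentence is also a fragment; `... not vulnerable to CVE-2021-44228, although it includes several 3rd-party software setups which may be affected.` reads as one statement.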
@@ -415,17 +453,17 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Acquia - product: '' + - vendor: Accruent + product: Analytics cves: cve-2021-4104: investigated: false @@ -433,9 +471,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -448,13 +487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Acronis - product: '' + - vendor: Accruent + product: Asset Enterprise cves: cve-2021-4104: investigated: false 
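Review bot: The rewritten `notes` scalar in `@@ -415,17 +453,17 @@` (the entry linking to kiteworks.com, which starts outside the hunk) opens the quoted option with a curly `“` but now closes it with a straight `"`, so the quotation is unbalanced. `“$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true”`, or straight quotes on both sides, keeps the pair matched. Separately, Apache later reported that the `formatMsgNoLookups` setting does not mitigate CVE-2021-45046. This entry's cve-2021-45046 block is outside the hunk, so it is worth confirming that its status does not rest on that flag alone.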
@@ -462,10 +501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -477,13 +517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-advisory.acronis.com/advisories/SEC-3859 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ActiveState - product: '' + - vendor: Accruent + product: BigCenter cves: cve-2021-4104: investigated: false @@ -491,9 +531,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -506,13 +547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adaptec - product: '' + - vendor: Accruent + product: EMS cves: cve-2021-4104: investigated: false @@ -520,10 +561,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -535,13 +577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Addigy - product: '' + - vendor: Accruent + product: Evoco cves: cve-2021-4104: investigated: false 
@@ -549,9 +591,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -564,13 +607,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adeptia - product: '' + - vendor: Accruent + product: Expesite cves: cve-2021-4104: investigated: false @@ -578,9 +621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -593,13 +637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Accruent + product: Famis 360 cves: cve-2021-4104: investigated: false @@ -607,9 +651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -622,13 +667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ADP - product: '' + - vendor: Accruent + product: Lucernex cves: cve-2021-4104: investigated: false @@ -636,9 +681,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -651,16 +697,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Micro Devices (AMD) - product: All + - vendor: Accruent + product: Maintenance Connection cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -669,25 +715,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + - https://www.accruent.com/apache_log4j notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian cves: cve-2021-4104: investigated: false 
@@ -695,9 +741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -710,14 +757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false @@ -725,10 +771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -740,14 +787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 cves: cve-2021-4104: investigated: false @@ -755,9 +801,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -770,14 +817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 cves: cve-2021-4104: investigated: false @@ -785,9 +831,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -800,14 +847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra cves: cve-2021-4104: investigated: false @@ -815,9 +861,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -830,13 +877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + - vendor: Accruent + product: TMS cves: cve-2021-4104: investigated: false 
@@ -848,7 +895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -860,13 +907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANmobile + - vendor: Accruent + product: VxField cves: cve-2021-4104: investigated: false @@ -878,7 +925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -890,13 +937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + - vendor: Accruent + product: VxMaintain cves: cve-2021-4104: investigated: false @@ -906,9 +953,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -920,13 +967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + - vendor: Accruent + product: VxObserve cves: cve-2021-4104: investigated: false @@ -936,9 +983,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -950,13 +997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANupdate + - vendor: Accruent + product: VxSustain cves: cve-2021-4104: investigated: false @@ -966,9 +1013,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -980,13 +1027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Acquia + product: All cves: cve-2021-4104: investigated: false @@ -994,11 +1041,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1010,13 +1056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Acronis + product: Backup cves: cve-2021-4104: investigated: false @@ -1024,10 +1070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '11.7' cve-2021-45046: investigated: false affected_versions: [] 
@@ -1039,13 +1086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Akamai - product: SIEM Splunk Connector + - vendor: Acronis + product: Cyber Backup cves: cve-2021-4104: investigated: false @@ -1054,10 +1101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '12.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1069,13 +1116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Alcatel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files cves: cve-2021-4104: investigated: false @@ -1083,10 +1130,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1098,13 +1146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dokuwiki.alu4u.com/doku.php?id=log4j + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alertus - product: '' + - vendor: Acronis + product: Cyber Infrastructure cves: cve-2021-4104: investigated: false 
@@ -1112,10 +1160,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '3.5' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -1127,13 +1177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alexion - product: '' + - vendor: Acronis + product: Cyber Protect cves: cve-2021-4104: investigated: false @@ -1141,10 +1191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '15' cve-2021-45046: investigated: false affected_versions: [] @@ -1156,13 +1207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alfresco - product: '' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -1170,10 +1221,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] 
@@ -1185,13 +1237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AlienVault - product: '' + - vendor: Acronis + product: DeviceLock DLP cves: cve-2021-4104: investigated: false @@ -1199,10 +1251,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '9.0' cve-2021-45046: investigated: false affected_versions: [] @@ -1214,13 +1267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alphatron Medical - product: '' + - vendor: Acronis + product: Files Connect cves: cve-2021-4104: investigated: false @@ -1228,10 +1281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1243,13 +1297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Athena + - vendor: Acronis + product: MassTransit cves: cve-2021-4104: investigated: false 
@@ -1257,10 +1311,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8.1' + - '8.2' cve-2021-45046: investigated: false affected_versions: [] @@ -1272,13 +1328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS + - vendor: Acronis + product: Snap Deploy cves: cve-2021-4104: investigated: false @@ -1290,8 +1346,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -1302,16 +1358,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ActiveState + product: All cves: cve-2021-4104: investigated: false @@ -1319,10 +1373,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1335,13 +1388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Amazon - product: AWS CloudHSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' cves: cve-2021-4104: investigated: false @@ -1350,10 +1403,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1365,13 +1418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Connect + - vendor: Acunetix + product: Agents cves: cve-2021-4104: investigated: false @@ -1381,9 +1434,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -1395,15 +1448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Amazon - product: AWS DynamoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application cves: cve-2021-4104: investigated: false @@ -1413,9 +1464,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1427,13 +1478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS EKS, ECS, Fargate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET cves: cve-2021-4104: investigated: false @@ -1442,10 +1493,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] 
@@ -1457,19 +1508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS ElastiCache + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1479,9 +1524,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1493,13 +1538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP cves: cve-2021-4104: investigated: false 
@@ -1509,9 +1554,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1523,13 +1568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS Inspector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1540,7 +1585,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1553,13 +1598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS Kinesis Data Stream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adaptec + product: All cves: cve-2021-4104: investigated: false @@ -1567,9 +1612,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
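Review bot: The Acunetix `IAST-Java` entry gives `All` under `fixed_versions` for cve-2021-44228, but its note, `AcuSensor IAST module needs attention.`, does not say what a user has to do, so the two fields read as contradictory. The note should name the action the linked vendor post asks for, taken from that post. The product name is also written without spaces, unlike `IAST - PHP`, `IAST - NodeJS` and `IAST - ASP.NET` in the neighbouring hunks; `product: IAST - Java` would keep the entries consistent for sorting and searching.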
@@ -1583,17 +1627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS Lambda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Addigy + product: All cves: cve-2021-4104: investigated: false @@ -1601,9 +1641,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1617,13 +1656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Lambda + - vendor: Adeptia + product: Connect cves: cve-2021-4104: investigated: false @@ -1632,9 +1671,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1647,13 +1688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS RDS + - vendor: Adeptia + product: Suite cves: cve-2021-4104: investigated: false @@ -1664,7 +1705,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1677,14 +1720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS S3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1693,9 +1735,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Unknown + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
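Review bot: The Adobe `Automated Forms Conversion Service` entry now has `investigated: true` with `affected_versions` holding only an empty string, which marks the product as affected without naming any version. The same placeholder is added under `affected_versions` for `Experience Manager 6.4 Forms Designer` and under `fixed_versions` for `ColdFusion` and `Experience Manager 6.5 Forms Designer` in later hunks. If the advisory lists no versions, the entry should say so, for example `notes: Vendor advisory does not list affected versions`, or use `All` as other entries do when that is what the advisory states. The entry's `notes` field lies in the next hunk.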
@@ -1708,13 +1750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion cves: cve-2021-4104: investigated: false @@ -1725,7 +1767,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1738,15 +1780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SQS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1757,7 +1797,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -1770,13 +1810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: CloudFront + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false @@ -1784,8 +1824,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1799,13 +1840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudWatch + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1813,9 +1854,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1828,13 +1870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: EC2 + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false 
@@ -1844,9 +1886,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1858,13 +1900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1872,9 +1914,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1887,13 +1930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: KMS + - vendor: Adobe + product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false @@ -1901,10 +1944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] 
@@ -1916,13 +1960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: OpenSearch + - vendor: Adobe + product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false @@ -1931,10 +1975,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1946,13 +1990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: RDS + - vendor: ADP + product: All cves: cve-2021-4104: investigated: false 
@@ -1975,42 +2019,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Route 53 + - vendor: Advanced Micro Devices (AMD) + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: S3 + last_updated: '2022-02-02T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -2018,10 +2063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
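Review bot: In the new `Advanced Micro Devices (AMD)` entry, `investigated` is set to the empty string for cve-2021-4104, cve-2021-45046 and cve-2021-45105, where the other entries on this page use a boolean. A consumer that type-checks the field, or tests it with anything stricter than truthiness, will handle these three records differently from `false`. They should read `investigated: false`.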
@@ -2033,13 +2079,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Translate + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -2047,10 +2094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2062,13 +2110,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/translate/ - notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: VPC + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -2076,10 +2125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
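Review bot: The `Advanced Systems Concepts` entries (Active MFT, MFT, MFT Gateway and MFT Server, in these and the neighbouring hunks) set `investigated: true` with an empty-string `unaffected_versions` for cve-2021-44228, while their `notes` say the advisory is customer-only and has not been reviewed by CISA. A reader cannot check the linked source, so the note should state where the status comes from, e.g. `notes: Status as reported by the vendor; advisory is available to customers only and has not been reviewed by CISA`, if that is the case. Separately, `(formally Jscape)` in the vendor name is probably meant to be `(formerly Jscape)`.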
@@ -2091,13 +2141,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AMD - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -2105,10 +2156,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2120,14 +2172,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing - its analysis. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Anaconda - product: Anaconda + last_updated: '2021-12-14T00:00:00' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -2139,7 +2191,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] 
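Review bot: `- 8.0.7 - 8.4.3` in the AFHCANcart `unaffected_versions` list is one plain scalar, the string `8.0.7 - 8.4.3`, not two versions, and at a glance it reads like a nested list item. Quoting it makes the intent explicit: `- '8.0.7 - 8.4.3'`. The same value is added for AFHCANmobile, AFHCANServer, AFHCANsuite, AFHCANupdate and AFHCANweb in the following hunks. If it is meant as a range, tooling that compares list items to an installed version will not match anything in between.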
@@ -2151,13 +2203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.conda.io/projects/conda/en/latest/index.html + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: ActiveMQ Artemis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -2169,7 +2221,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2181,18 +2233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://activemq.apache.org/news/cve-2021-44228 - notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 - is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). - Although this version of Log4j is not impacted by CVE-2021-44228 future versions - of Artemis will be updated so that the Log4j jar is no longer included in the - web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) - for more information on that task. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Airflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2200,10 +2247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] 
@@ -2215,13 +2263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://afhcan.org/support.aspx + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Camel + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2230,11 +2278,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2246,17 +2293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: Apache Camel does not directly depend on Log4j 2, so we are not affected - by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own - applications, make sure to upgrade.Apache Camel does use log4j during testing - itself, and therefore you can find that we have been using log4j v2.13.3 release - in our latest LTS releases Camel 3.7.6, 3.11.4. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel 2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2264,10 +2307,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] 
@@ -2279,13 +2323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel JBang + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2294,10 +2338,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.1.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2309,13 +2353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: All cves: cve-2021-4104: investigated: false @@ -2338,13 +2382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Karaf + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2352,10 +2396,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] 
@@ -2367,14 +2412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2382,10 +2426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] 
@@ -2397,13 +2442,5229 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/ail_project/status/1470373644279119875 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Akamai + product: Enterprise Application Access (EAA) Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + 
affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <1.7.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.4.10 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. 
+ references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Alcatel + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dokuwiki.alu4u.com/doku.php?id=log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alertus + product: Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.15.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alexion + product: Alexion CRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + notes: '' + references: + - '' + 
last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alfresco + product: Alfresco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AlienVault + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false 
+ affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. 
+ references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
+ references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 3.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: 
CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + 
fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. 
+ references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. 
+ references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue 
in JVM layer will be available + as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. 
+ references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). 
+ references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. 
+ references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. 
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: AWS Polly
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: AWS QuickSight
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: AWS RDS
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified
+ in CVE-2021-44228.
+ references:
+ - ''
+ last_updated: '2021-12-17T00:00:00'
+ - vendor: Amazon
+ product: AWS S3
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Amazon
+ product: AWS SDK
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Amazon
+ product: AWS Secrets Manager
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Amazon
+ product: AWS Service Catalog
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-20T00:00:00'
+ - vendor: Amazon
+ product: AWS SNS
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Amazon SNS systems that serve customer traffic are patched against the
+ Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate
+ separately from SNS’s systems that serve customer traffic.
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Amazon
+ product: AWS SQS
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: AWS Systems Manager
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: AWS Systems Manager Agent
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: AWS Textract
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: Chime
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues
+ identified in CVE-2021-44228 and CVE-2021-45046.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Cloud Directory
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: CloudFront
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: CloudWatch
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Cognito
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Corretto
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers
+ applications use affected versions of Apache Log4j.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: DocumentDB
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: EC2
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux
+ 2022 is affected.
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: ECR Public
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Amazon-owned images published under a Verified Account on Amazon ECR Public
+ are not affected by the Log4j issue.
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: Elastic Load Balancing
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Services have been updated. All Elastic Load Balancers, as well as Classic,
+ Application, Network and Gateway, are not affected by this Log4j issue.
+ references:
+ - ''
+ last_updated: '2021-12-15T00:00:00'
+ - vendor: Amazon
+ product: EMR
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Many customers are estimated to be vulnerable. Vulnerable only if affected
+ EMR releases are used and untrusted sources are configured to be processed.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: EventBridge
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Fraud Detector
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Inspector
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Inspector Classic
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Kafka (MSK)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Applying updates as required, portion of customers may still be vulnerable.
+ Some MSK-specific service components use Log4j > 2.0.0 library and are being
+ patched where needed.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Kendra
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Keyspaces (for Apache Cassandra)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Kinesis
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Kinesis Data Analytics
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Lake Formation
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Update in progress, portion of customers may still be vulnerable. AWS Lake
+ Formation service hosts are being updated to the latest version of Log4j.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Lex
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Linux (AL1)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM
+ layer issue is available.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Linux (AL2)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which
+ is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j
+ issue in JVM layer is available.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Lookout for Equipment
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Macie
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Macie Classic
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Managed Workflows for Apache Airflow (MWAA)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: MemoryDB for Redis
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Monitron
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: MQ
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Neptune
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: NICE
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Recommended to update EnginFrame or Log4j library.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: OpenSearch
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - R20211203-P2
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/
+ notes: Update released, customers need to update their clusters to the fixed release.
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Pinpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS Aurora + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS for Oracle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + 
last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Redshift
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Rekognition
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Route 53
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated:
'2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: SageMaker
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable
+ only if customers applications use affected versions of Apache Log4j.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Simple Notification Service (SNS)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Systems that serve customer traffic are patched against the Log4j2 issue.
+ Working to apply the patch to sub-systems that operate separately from SNSs
+ systems that serve customer traffic.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Simple Queue Service (SQS)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Simple Workflow Service (SWF)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Single Sign-On
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+
notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Step Functions
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Timestream
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: Translate
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/translate/
+ notes: Service not identified on [AWS Log4j Security
Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/)
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: VPC
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Amazon
+ product: WorkSpaces/AppStream 2.0
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - ''
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
+ notes: Not affected with default configurations. WorkDocs Sync client versions
+ 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component,
+ are vulnerable; For update instruction, see source for more info.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: AMD
+ product: All
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034
+ notes: Currently, no AMD products have been identified as affected. AMD is continuing
+ its analysis.
+ references:
+ - ''
+ last_updated: '2021-12-22T00:00:00'
+ - vendor: Anaconda
+ product: All
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - 4.10.3
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://docs.conda.io/projects/conda/en/latest/index.html
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-21T00:00:00'
+ - vendor: AOMEI
+ product: All
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ -
https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-21T00:00:00'
+ - vendor: Apache
+ product: ActiveMQ Artemis
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://activemq.apache.org/news/cve-2021-44228
+ notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17
+ is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)).
+ Although this version of Log4j is not impacted by CVE-2021-44228 future versions
+ of Artemis will be updated so that the Log4j jar is no longer included in the
+ web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612)
+ for more information on that task.
+ references:
+ - ''
+ last_updated: '2021-12-21T00:00:00'
+ - vendor: Apache
+ product: Airflow
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: Airflow is written in Python
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: Archiva
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 2.2.6
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: Fixed in 2.2.6.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: Camel
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: Apache Camel does not directly depend on Log4j 2, so we are not affected
+ by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own
+ applications, make sure to upgrade.Apache Camel does use log4j during testing
+ itself, and therefore you can find that we have been using log4j v2.13.3 release
+ in our latest LTS releases Camel 3.7.6, 3.11.4.
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Camel 2
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Camel JBang
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions:
+ - <=3.1.4
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated:
false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Camel K
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Camel Kafka Connector
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Camel Karaf
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions:
+ - ''
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release
+ with updated log4j.
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Camel Quarkus
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://camel.apache.org/blog/2021/12/log4j2/
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Cassandra
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-13T00:00:00'
+ - vendor: Apache
+ product: Druid
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 0.22.1
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+
cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://github.com/apache/druid/releases/tag/druid-0.22.1
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-12T00:00:00'
+ - vendor: Apache
+ product: Dubbo
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - All
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://github.com/apache/dubbo/issues/9380
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-12T00:00:00'
+ - vendor: Apache
+ product: Flink
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 1.15.0
+ - 1.14.2
+ - 1.13.5
+ - 1.12.7
+ - 1.11.6
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://flink.apache.org/2021/12/10/log4j-cve.html
+ notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases,
+ which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped
+ because CVE-2021-45046 was discovered during the release publication. The new
+ 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j
+ to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.
+ references:
+ - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)'
+ last_updated: '2021-12-12T00:00:00'
+ - vendor: Apache
+ product: Fortress
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - < 2.0.7
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: Fixed in 2.0.7.
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: Geode
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 1.14.0
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: Fixed in 1.12.6, 1.13.5, 1.14.1.
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: Guacamole
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: Hadoop
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - ''
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: HBase
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions:
+ - ''
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+
product: Hive
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 4.x
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: James
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions:
+ - 3.6.0
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: Jena
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - < 4.3.1
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: JMeter
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions:
[]
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions:
+ - All
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: JSPWiki
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 2.11.1
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: Kafka
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://kafka.apache.org/cve-list
+ notes: Uses Log4j 1.2.17.
+ references:
+ - ''
+ last_updated: '2021-12-14T00:00:00'
+ - vendor: Apache
+ product: Log4j 1.x
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://logging.apache.org/log4j/2.x/security.html
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: Log4j 2.x
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions:
+ - 2.17.1
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://logging.apache.org/log4j/2.x/security.html
+ notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6).
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: Maven
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: NiFi
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: Fixed in 1.15.1, 1.16.0.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: OFBiz
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - < 18.12.03
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: Ozone
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - < 1.2.1
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: Fixed in 1.15.1, 1.16.0.
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: SkyWalking
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - < 8.9.1
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://blogs.apache.org/security/entry/cve-2021-44228
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-12T07:18:50+00:00'
+ - vendor: Apache
+ product: SOLR
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - 7.4.0 to 7.7.3
+ - 8.0.0 to 8.11.0
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
+ notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several
+ configurations.
+ references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.5.28 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). + references: + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.7.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.0.0 and up + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: 
[] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. 
+ Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache - product: CamelKafka Connector + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: APC by Schneider Electric + product: Powerchute Business Edition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: 
false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Apereo + product: CAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.3.x + - 6.4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apereo.github.io/2021/12/11/log4j-vuln/ + notes: Other versions still in active maintainance might need manual inspection. 
+ references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apereo + product: Opencast + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 9.10 + - < 10.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apigee + product: Edge and OPDK products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.apigee.com/incidents/3cgzb0q2r10p + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apollo + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.apollographql.com/t/log4j-vulnerability/2214 + notes: '' + references: + - 
'' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appdynamics + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appeon + product: PowerBuilder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Appeon PowerBuilder 2017-2021 regardless of product edition + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: AppGate + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appian + product: Appian Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Application Performance Ltd + product: DBMarlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: 
[] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aptible + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Search 5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aqua Security + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arbiter Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + 
cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arbiter.com/news/index.php?id=4403 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Arca Noae + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arcserve + product: Arcserve Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + 
investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Continuous Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - 
'[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Email Archiving + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: 
Arcserve UDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.5-8.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowProtect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - 
'[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Solo cves: 
cve-2021-4104: investigated: false @@ -2411,10 +7672,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: StorageCraft OneXafe + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] 
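Review bot: In the `@@ -2411,10 +7672,41 @@` hunk, the record completed at the top (product `Solo`, named at the end of the previous hunk) and the new `StorageCraft OneXafe` record set `investigated: true` with `unaffected_versions: All` for cve-2021-44228 only, while cve-2021-45046 and cve-2021-45105 stay `investigated: false` and the Solo record's `notes` is `''`. Someone triaging from this file can read "All" as covering the whole Log4j CVE series, so the scope of the vendor statement should be written into `notes`, for example `notes: Vendor statement reviewed for CVE-2021-44228 only; CVE-2021-45046 and CVE-2021-45105 not yet assessed.` The wording needs to be confirmed against the linked Log4J-Update article; if that article also covers the later CVEs, their `investigated` flags should be set instead. The OneXafe record continues into the next hunk.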
@@ -2426,13 +7718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Druid + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: ArcticWolf + product: All cves: cve-2021-4104: investigated: false @@ -2440,9 +7732,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < druid 0.22.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2456,13 +7747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/druid/releases/tag/druid-0.22.1 + - https://arcticwolf.com/resources/blog/log4j notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Flink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arduino + product: IDE cves: cve-2021-4104: investigated: false @@ -2473,10 +7764,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.14.2 - - 1.13.5 - - 1.12.7 - - 1.11.6 + - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2489,17 +7777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 + notes: '' references: - - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Kafka + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ariba + product: All cves: cve-2021-4104: investigated: false @@ -2507,11 +7791,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2523,14 +7806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Apache - product: Kafka + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for Converged Cloud Fabric cves: cve-2021-4104: investigated: false 
@@ -2540,7 +7822,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Unknown + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2554,13 +7836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -2570,7 +7852,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.15.0 + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2584,13 +7866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Solr + - vendor: Arista + product: CloudVision Portal cves: cve-2021-4104: investigated: false @@ -2599,10 +7881,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + affected_versions: + - '>2019.1.0' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false 
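Review bot: `affected_versions: - '>7.0.0'` in the two Arista Analytics Node entries is an open-ended range paired with `fixed_versions: []`, so every later release, including whichever one carries the fix, still matches as affected. It is also unclear whether 7.0.0 itself is in scope, since `>` excludes it. The same shape follows for CloudVision Portal (`'>2019.1.0'`), CloudVision Wi-Fi (`'>8.8'`) and Embedded Analytics (`'>5.3.0'`) in the next hunks. If the linked advisory names remediated releases, they belong under `fixed_versions`; if it does not, a short `notes:` line saying no fixed release is recorded would stop readers from treating the range as final.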
@@ -2615,13 +7896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' - - vendor: Apache - product: Struts 2 + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance cves: cve-2021-4104: investigated: false @@ -2629,9 +7910,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Versions before 2.5.28.1 + - '>8.8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2645,16 +7926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Tomcat + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric cves: cve-2021-4104: investigated: false 
@@ -2662,9 +7940,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - 9.0.x + - '>5.3.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2678,21 +7956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2702,13 +7972,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
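Review bot: `unaffected_versions: - ''` under cve-2021-44228 for AirWave Management Platform (last hunk on this line) produces a non-empty list whose only element is an empty string, so a consumer that tests list length reads an "unaffected" verdict with no version behind it. The same placeholder is repeated for most of the Aruba Networks entries in the following hunks, and as `fixed_versions: - ''` for Legacy GMS Products and Silver Peak Orchestrator, where it claims a fix without naming the release to upgrade to. If the intent is "every version", the old-side entries in this patch spelled that as `- All`; otherwise leave the list as `[]` until the version is known.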
@@ -2720,13 +7986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine cves: cve-2021-4104: investigated: false @@ -2736,12 +8002,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2753,13 +8016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Apereo - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -2768,10 +8031,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -2783,13 +8046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apereo - product: Opencast + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2798,11 +8061,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2814,13 +8106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apigee - product: '' + - vendor: Aruba Networks + product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false 
@@ -2828,10 +8120,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2843,13 +8166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.apigee.com/incidents/3cgzb0q2r10p + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apollo - product: '' + - vendor: Aruba Networks + product: Central On-Prem cves: cve-2021-4104: investigated: false @@ -2857,10 +8180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -2872,13 +8196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.apollographql.com/t/log4j-vulnerability/2214 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appdynamics - product: '' + - vendor: Aruba Networks + product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2886,10 +8210,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2901,13 +8226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appeon - product: PowerBuilder + - vendor: Aruba Networks + product: EdgeConnect cves: cve-2021-4104: investigated: false @@ -2916,10 +8241,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Appeon PowerBuilder 2017-2021 regardless of product edition + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2930,13 +8255,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: AppGate - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false 
@@ -2944,10 +8270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2959,13 +8286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appian - product: Appian Platform + - vendor: Aruba Networks + product: HP ProCurve Switches cves: cve-2021-4104: investigated: false @@ -2975,9 +8302,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2989,13 +8316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant cves: cve-2021-4104: investigated: false @@ -3003,11 +8330,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3018,13 +8345,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points cves: cve-2021-4104: investigated: false @@ -3032,10 +8360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3047,13 +8376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On cves: cve-2021-4104: investigated: false @@ -3061,10 +8390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3076,13 +8406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -3091,9 +8421,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3106,13 +8436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aqua Security - product: '' + - vendor: Aruba Networks + product: Legacy GMS Products cves: cve-2021-4104: investigated: false @@ -3120,9 +8450,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3135,13 +8466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arbiter Systems - product: All + - vendor: Aruba Networks + product: Legacy NX cves: cve-2021-4104: investigated: false 
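Review bot: `fixed_versions: - Versions 2.5.0.0 to 2.5.0.6` for Aruba IntroSpect (third hunk on this line) puts a free-text range in the field that says which releases carry the fix, and the entry does not make clear whether that range is the remediated set or the vulnerable one. This is worth checking against the linked ARUBA-PSA-2021-019 text: if the advisory lists 2.5.0.0 to 2.5.0.6 as affected, the range belongs in `affected_versions` and only the fixed release, if any, goes here. Either way, dropping the word "Versions" and giving explicit bounds would keep the value comparable with entries such as `- '>7.0.0'`.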
@@ -3149,10 +8480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3164,13 +8496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arbiter.com/news/index.php?id=4403 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: ARC Informatique - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -3181,7 +8513,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3193,13 +8526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Arca Noae - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -3207,10 +8540,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3222,13 +8556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arcserve - product: Arcserve Backup + - vendor: Aruba Networks + product: NetEdit cves: cve-2021-4104: investigated: false @@ -3240,7 +8574,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3252,13 +8586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Continuous Availability + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false @@ -3270,7 +8604,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3282,13 +8616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Email Archiving + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false @@ -3298,9 +8632,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3312,13 +8646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve UDP + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -3330,7 +8664,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.5-8.3 + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3342,13 +8676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowProtect + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients cves: cve-2021-4104: investigated: false @@ -3360,7 +8694,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3372,13 +8706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ataccama + product: All cves: cve-2021-4104: investigated: false @@ -3386,11 +8720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3402,13 +8735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Solo + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atera + product: All cves: cve-2021-4104: investigated: false @@ -3416,11 +8749,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3432,13 +8764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: StorageCraft OneXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false @@ -3447,10 +8779,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On Prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3462,13 +8794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: ArcticWolf - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false @@ -3476,9 +8808,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - On prem unaffected_versions: [] cve-2021-45046: investigated: false 
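Review bot: `fixed_versions: - On prem` for Bitbucket Server & Data Center (last hunk on this line) uses a deployment model where a version is expected, and it marks the product fixed while the `notes:` added in the next hunk say the bundled Elasticsearch component may still leak information. Bamboo has `affected_versions: - On Prem` and Confluence has `- On prem`, so the same token is also cased two ways and will not compare equal in an exact match. I would name the actual affected or fixed releases from the Atlassian advisory in the version lists and keep the deployment scope in `notes:`.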
@@ -3491,13 +8824,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://arcticwolf.com/resources/blog/log4j - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product is not vulnerable to remote code execution but may leak information + due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arduino - product: '' + - vendor: Atlassian + product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false @@ -3505,8 +8839,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3520,13 +8855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ariba - product: '' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false @@ -3534,8 +8869,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
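Review bot: The entry added at the end of the third hunk on this line, `vendor: Atlassian` with `product: Confluence-CIS CSAT Pro`, looks misattributed: CIS CSAT Pro, CIS WorkBench and CIS-CAT Lite / Pro Assessor are Center for Internet Security tools rather than Atlassian products, and the `Confluence-` prefix reads like a merge artefact. The following hunks add four more such entries (WorkBench, CIS-CAT Lite, CIS-CAT Pro Assessor v3 and v4), all pointing `vendor_links` at the Atlassian advisory, which is unlikely to be the source for `v1.7.1`, `v4.13.0` or `v3.0.77`. Anyone searching by vendor for the CIS tools would not find these rows, so they should probably move under their own vendor with that vendor's advisory link.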
@@ -3549,13 +8885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arista - product: '' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -3563,10 +8899,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3578,13 +8915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aruba Networks - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false @@ -3592,8 +8929,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
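Review bot: In the hunk at -3563, `unaffected_versions: - ''` is paired with `investigated: true`, so the list is non-empty but its only element carries no version. Tooling that classifies a product by checking whether one of the three lists has entries will count this as a stated result. The same placeholder is added under `unaffected_versions` at -3711 and -5099, under `fixed_versions` at -4022, and under `affected_versions` at -4295 and -4760. If the intent is every version, `- All` (already used elsewhere in this file) says so explicitly; if the version is unknown, `[]` with a sentence in `notes` is safer.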
@@ -3607,13 +8945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ataccama - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false @@ -3621,8 +8959,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3636,13 +8975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atera - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false @@ -3650,8 +8989,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -3665,13 +9005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bamboo Server & Data Center + product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false @@ -3680,10 +9020,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v1.13.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3696,13 +9036,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bitbucket Server & Data Center + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -3711,10 +9050,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] 
@@ -3727,13 +9066,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product is not vulnerable to remote code execution but may leak information - due to the bundled Elasticsearch component being vulnerable. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Confluence Server & Data Center + product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false @@ -3745,7 +9083,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3758,8 +9096,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3773,10 +9110,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3804,10 +9141,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
@@ -3835,10 +9172,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3866,10 +9203,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3887,8 +9224,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -3949,7 +9286,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3978,7 +9315,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4013,8 +9350,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Automox - product: '' + - vendor: Automation Anywhere + product: Automation 360 Cloud cves: cve-2021-4104: investigated: false 
@@ -4022,10 +9359,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] 
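Review bot: The `vendor_links` value added for Automation 360 Cloud is the portal's login redirect (`/s/login/?...startURL=...&ec=302`) rather than the advisory itself, so the recorded reference is a sign-in page with redirect parameters. Decoding its `startURL` gives `https://apeople.automationanywhere.com/s/article/A360-Cloud-Zero-day-in-the-Log4j-Java-library`, which is the stable form to store. The Automation 360 On Premise entry in this hunk and the `Automation Anywhere` entry in the next hunk reuse the same link although the article name refers to A360 Cloud, so it is worth confirming that it covers those products. The notes already say the advisory is customer-only and not reviewed by CISA, so `investigated: true` with a `fixed_versions` entry rests on a source most readers of this file cannot check.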
@@ -4037,13 +9406,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 - notes: '' + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Autopsy - product: '' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 11.x + - <11.3x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automox + product: All cves: cve-2021-4104: investigated: false @@ -4066,13 +9468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Auvik - product: '' + - vendor: Autopsy + product: All cves: cve-2021-4104: investigated: false 
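Review bot: Under `fixed_versions` for the added `product: Automation Anywhere` entry, `- 11.x` and `- <11.3x` overlap, and both read as ranges of releases to check rather than the release that contains the fix. A `<` bound would normally describe versions below a fixed one, which belongs under `affected_versions`. Since the linked advisory is behind a login, the intended meaning cannot be confirmed from this page. I would put the first fixed build in `fixed_versions` and the vulnerable range in `affected_versions`, or explain the range in `notes`.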
@@ -4095,13 +9497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.auvik.com/incidents/58bfngkz69mj + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avantra SYSLINK - product: '' + - vendor: Auvik + product: All cves: cve-2021-4104: investigated: false @@ -4124,13 +9526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability + - https://status.auvik.com/incidents/58bfngkz69mj notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avaya - product: Avaya Analytics + - vendor: Avantra SYSLINK + product: All cves: cve-2021-4104: investigated: false @@ -4138,13 +9540,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '3.5' - - '3.6' - - 3.6.1 - - '3.7' - - '4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4158,13 +9555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private + product: Avaya Analytics cves: cve-2021-4104: investigated: false @@ -4172,8 +9569,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.5' + - '3.6' + - 3.6.1 + - '3.7' + - '4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -4188,15 +9590,12 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -4228,7 +9627,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -4262,7 +9661,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -4273,7 +9672,10 @@ software: investigated: true affected_versions: - '8' + - 8.0.1 + - 8.0.2 - '8.1' + - 8.1.3 - 8.1.4 - 8.1.5 fixed_versions: [] @@ -4295,7 +9697,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -4305,9 +9707,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -4322,12 +9722,15 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Media Server + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -4359,7 +9762,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -4398,7 +9801,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -4435,7 +9838,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -4466,7 +9869,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -4479,7 +9882,7 @@ software: - 3.11[P] - 3.8.1[P] - 3.8[P] - - 3.9.1 [P] + - 3.9.1[P] - 3.9[P] fixed_versions: [] unaffected_versions: [] @@ -4500,7 +9903,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false 
@@ -4658,7 +10061,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -4668,7 +10071,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4688,7 +10091,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -4698,7 +10101,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4760,8 +10163,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4936,7 +10340,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -4996,7 +10400,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -5062,7 +10466,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5091,7 +10495,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false 
@@ -5099,10 +10503,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5115,12 +10520,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5148,8 +10553,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -5157,10 +10562,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5172,13 +10578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5207,7 +10613,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5236,7 +10642,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 22dcda9..f15fbf7 100644 
--- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -134,8 +134,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Track Sample Manager (TSM)' - - 'Track Workflow Manager (TWM)' + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -150,7 +150,8 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: Abbott will provide a fix for this in a future update expected in January 2022. + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' @@ -196,7 +197,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -210,8 +211,8 @@ software: unaffected_versions: [] vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 - notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although - it includes several 3rd-party software setups, which may be affected. + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -257,7 +258,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v7.6 release' + - v7.6 release unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -271,8 +272,8 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" @@ -952,7 +953,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.6.2 onwards' + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -983,7 +984,7 @@ software: fixed_versions: [] unaffected_versions: - '3.5' - - '4.x' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -1043,7 +1044,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2017 onwards' + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1103,7 +1104,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '10.7 onwards' + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1224,7 +1225,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1254,7 +1255,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1284,7 +1285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] 
@@ -1314,7 +1315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1332,7 +1333,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix - product: IAST-Java + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1342,9 +1343,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'All' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1357,12 +1358,12 @@ software: unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ - notes: AcuSensor IAST module needs attention. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix - product: IAST - NodeJS + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1374,7 +1375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1392,7 +1393,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix - product: IAST - PHP + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1402,9 +1403,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1417,7 +1418,7 @@ software: unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ - notes: '' + notes: AcuSensor IAST module needs attention. references: - '' last_updated: '2022-01-12T07:18:50+00:00' 
@@ -1523,9 +1524,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.9.9' - - '6.9.10' - - '6.9.11' + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1615,7 +1616,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions from 6.3 GA to 6.3.3' + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1675,7 +1676,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions from 6.4 GA to 6.4.8' + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1735,7 +1736,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions from 6.5 GA to 6.5.11' + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1766,7 +1767,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1796,7 +1797,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2009,7 +2010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2039,7 +2040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2069,7 +2070,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] 
@@ -2099,7 +2100,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2129,7 +2130,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2159,7 +2160,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2218,7 +2219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.6+' + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2248,7 +2249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'version 8.5.4.86 (and above)' + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2308,7 +2309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2367,7 +2368,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<1.7.4' + - <1.7.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2381,8 +2382,8 @@ software: unaffected_versions: [] vendor_links: - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes - notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, - CVE-2021-45046 and CVE-2021-45105. + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. references: - '' last_updated: '2021-12-15T00:00:00' @@ -2398,7 +2399,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.4.10' + - < 1.4.10 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -2458,7 +2459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.15.0' + - 5.15.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2489,7 +2490,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2519,7 +2520,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2712,9 +2713,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Work in progress, portion of customers may still be vulnerable. - Actively monitoring this issue, and are working on addressing it for - any AMS services which use Log4j2. + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -2834,8 +2835,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. references: @@ -2973,7 +2974,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 3.4.1' + - < 3.4.1 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -3169,13 +3170,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache Log4j2 utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions. + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' 
@@ -3205,13 +3206,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache Log4j2 utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions. + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3331,7 +3332,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. references: - '' last_updated: '2021-12-16T00:00:00' 
@@ -3361,7 +3363,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3391,10 +3394,10 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) - and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x - and 1.11.x, an update for the Stream Manager feature is included in Greengrass - patch versions 1.10.5 and 1.11.5. + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3454,8 +3457,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; - OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). references: - '' last_updated: '2021-12-17T00:00:00' 
@@ -3489,7 +3493,8 @@ software: The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. references: - '' last_updated: '2021-12-14T00:00:00' @@ -3942,8 +3947,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon Chime and Chime SDK services have been updated to mitigate - the issues identified in CVE-2021-44228 and CVE-2021-45046. + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4093,8 +4098,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: 10/19 release distribution does not include Log4j. Vulnerable only - if customers applications use affected versions of Apache Log4j. + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4154,7 +4159,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. references: - '' last_updated: '2021-12-15T00:00:00' 
@@ -4184,8 +4190,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon-owned images published under a Verified Account on Amazon - ECR Public are not affected by the Log4j issue. + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. references: - '' last_updated: '2021-12-15T00:00:00' @@ -4246,8 +4252,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Many customers are estimated to be vulnerable. Vulnerable only - if affected EMR releases are used and untrusted sources are configured to be processed. + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4398,7 +4404,8 @@ software: vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Applying updates as required, portion of customers may still be vulnerable. - Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4548,8 +4555,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Update in progress, portion of customers may still be vulnerable. - AWS Lake Formation service hosts are being updated to the latest version of Log4j. + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' 
@@ -4609,7 +4616,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4639,9 +4647,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: By default not vulnerable, and a new version of Amazon Kinesis Agent - which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate - the Log4j issue in JVM layer is available. + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4927,7 +4935,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R20211203-P2' + - R20211203-P2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5151,8 +5159,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). - Vulnerable only if customers applications use affected versions of Apache Log4j. + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' 
@@ -5424,9 +5432,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Not affected with default configurations. WorkDocs Sync client - versions 1.2.895.1 and older within Windows WorkSpaces, which contain - the Log4j component, are vulnerable; For update instruction, see source for more info. + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5474,7 +5482,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '4.10.3' + - 4.10.3 cve-2021-45046: investigated: false affected_versions: [] @@ -5598,7 +5606,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.2.6' + - 2.2.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5741,7 +5749,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Karaf + product: Camel Kafka Connector cves: cve-2021-4104: investigated: false @@ -5750,10 +5758,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5766,13 +5774,12 @@ software: unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Quarkus + product: Camel Karaf cves: cve-2021-4104: investigated: false 
@@ -5781,10 +5788,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5797,12 +5804,13 @@ software: unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ - notes: '' + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Kafka Connector + product: Camel Quarkus cves: cve-2021-4104: investigated: false @@ -5844,7 +5852,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5873,7 +5881,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '0.22.1' + - 0.22.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5903,7 +5911,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -5951,11 +5959,11 @@ software: unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' @@ -5971,7 +5979,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2.0.7' + - < 2.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6001,7 +6009,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.14.0' + - 1.14.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6032,7 +6040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6121,7 +6129,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.x' + - 4.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -6150,7 +6158,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.6.0' + - 3.6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -6181,7 +6189,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 4.3.1' + - < 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6210,7 +6218,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6241,7 +6249,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.11.1' + - 2.11.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6302,7 +6310,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6330,7 +6338,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.17.1' + - 2.17.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6362,7 +6370,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6392,7 +6400,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6421,7 +6429,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 18.12.03' + - < 18.12.03 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6451,7 +6459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.2.1' + - < 1.2.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6481,7 +6489,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 8.9.1' + - < 8.9.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6511,8 +6519,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '7.4.0 to 7.7.3' - - '8.0.0 to 8.11.0' + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -6526,7 +6534,8 @@ software: unaffected_versions: [] vendor_links: - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. references: - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' last_updated: '2021-12-16T00:00:00' @@ -6543,7 +6552,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6571,7 +6580,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.5.28' + - 2.5.28 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6634,7 +6643,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '5.7.3' + - 5.7.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6664,7 +6673,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.0.0 and up' + - 2.0.0 and up fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6793,11 +6802,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v9.5' - - 'v10.0.1' - - 'v10.0.2' - - 'v10.0.3' - - 'v10.0.4' + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6830,7 +6839,7 @@ software: - '4.2' - '4.3' - '4.4' - - '4.4.1' + - 4.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6860,8 +6869,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.3.x' - - '6.4.x' + - 6.3.x + - 6.4.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -6891,8 +6900,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 9.10' - - '< 10.6' + - < 9.10 + - < 10.6 unaffected_versions: [] cve-2021-45046: investigated: false 
@@ -6923,7 +6932,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7574,7 +7583,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.8.17' + - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false @@ -7832,7 +7841,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: ArubaOS Wi-Fi Controllers and Gateways + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -7862,7 +7871,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: ArubaOS SD-WAN Gateways + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -8233,7 +8242,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Versions 2.5.0.0 to 2.5.0.6' + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8312,7 +8321,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: Legacy VX + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -8342,7 +8351,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: Legacy VRX + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -8590,7 +8599,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On Prem' + - On Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8621,7 +8630,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'On prem' + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -8651,7 +8660,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On prem' + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -8681,7 +8690,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v1.7.1' + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8741,7 +8750,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v4.13.0' + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8771,7 +8780,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v3.0.77' + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8801,7 +8810,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v4.13.0' + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8831,7 +8840,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v1.13.0' + - v1.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8952,7 +8961,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On prem' + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8983,7 +8992,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On prem' + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9186,7 +9195,8 @@ software: unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' 
@@ -9216,7 +9226,8 @@ software: unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -9232,8 +9243,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '11.x' - - '<11.3x' + - 11.x + - <11.3x unaffected_versions: [] cve-2021-45046: investigated: false @@ -9247,7 +9258,8 @@ software: unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -9402,7 +9414,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -9412,7 +9424,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '' + - 8.1.3.2 + - 8.1.3.3 + - '10.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -9427,15 +9441,12 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + notes: '' references: - - '' + - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura Application Enablement Services + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -9445,9 +9456,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.1.3.2' - - '8.1.3.3' - - '10.1' + - 7.0.2 + - 7.0.3 + - '7.1' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9464,10 +9477,10 @@ software: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' + - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura Contact Center + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -9477,11 +9490,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.0.2' - - '7.0.3' - - '7.1' - - '7.1.1' - - '7.1.2' + - '8' + - 8.0.1 + - 8.0.2 + - '8.1' + - 8.1.3 + - 8.1.4 + - 8.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9501,7 +9516,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false 
@@ -9511,13 +9526,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8' - - '8.0.1' - - '8.0.2' - - '8.1' - - '8.1.3' - - '8.1.4' - - '8.1.5' + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9532,7 +9541,10 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' @@ -9547,9 +9559,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.0.0' - - '8.0.1' - - '8.0.2' + - 8.0.0 + - 8.0.1 + - 8.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9580,15 +9592,15 @@ software: investigated: true affected_versions: - '10.1' - - '7.1.2' + - 7.1.2 - '8' - - '8.0.1' - - '8.0.2' + - 8.0.1 + - 8.0.2 - '8.1' - - '8.1.1' - - '8.1.2' - - '8.1.3' - - '8.1.4' + - 8.1.1 + - 8.1.2 + - 8.1.3 + - 8.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9619,13 +9631,13 @@ software: investigated: true affected_versions: - '10.1' - - '7.1.3' + - 7.1.3 - '8' - - '8.0.1' + - 8.0.1 - '8.1' - - '8.1.1' - - '8.1.2' - - '8.1.3' + - 8.1.1 + - 8.1.2 + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9656,7 +9668,7 @@ software: investigated: true affected_versions: - '10.1' - - '8.1.3' + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9686,11 +9698,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.11[P]' - - '3.8.1[P]' - - '3.8[P]' - - '3.9.1[P]' - - '3.9[P]' + - 3.11[P] + - 3.8.1[P] + - 3.8[P] + - 3.9.1[P] + - 3.9[P] fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -9722,7 +9734,7 @@ software: affected_versions: - '3.7' - '3.8' - - '3.8.1' + - 3.8.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9752,11 +9764,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.0.2' - - '7.0.3' + - 7.0.2 + - 7.0.3 - '7.1' - - '7.1.1' - - '7.1.2' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9816,7 +9828,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.1.22' + - 3.1.22 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9846,9 +9858,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.1.10' - - '9.1.11' - - '9.1.12' + - 9.1.10 + - 9.1.11 + - 9.1.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9868,7 +9880,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private-UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -9878,7 +9890,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9898,7 +9910,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -9908,7 +9920,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9938,11 +9950,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.0.1' + - 8.0.1 - '8.1' - - '8.1.1' - - '8.1.2' - - '8.1.3' + - 8.1.1 + - 8.1.2 + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10066,7 +10078,7 @@ software: investigated: true affected_versions: - '5' - - '5.0.1' + - 5.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
@@ -10096,8 +10108,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.0.2' - - '9.0.2.1' + - 9.0.2 + - 9.0.2.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10157,7 +10169,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.1.2' + - 9.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10187,7 +10199,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.3.9' + - 7.3.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10217,10 +10229,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '11.0.4' + - 11.0.4 - '11.1' - - '11.1.1' - - '11.1.2' + - 11.1.1 + - 11.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10250,10 +10262,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.1.2' - - '3.1.3' + - 3.1.2 + - 3.1.3 - '4' - - '4.0.1' + - 4.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: From a2a55d51e1650846409d703a4e5be0b5b10893b6 Mon Sep 17 00:00:00 2001 From: Sidgawri <64966459+Sidgawri@users.noreply.github.com> Date: Mon, 14 Feb 2022 13:47:41 -0500 Subject: [PATCH 22/27] Update cisagov_C.yml Providing the latest changes for Citrix products and services in context to the Log4j vulnerabilities --- data/cisagov_C.yml | 234 ++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 131 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ab59ef7..5a553a2 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml 
@@ -4588,22 +4588,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4622,22 +4620,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
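Review bot: `last_updated` stays at `'2021-12-21T00:00:00'` in the hunk at -4588 even though the entry's status changes: CVE-2021-45046 and CVE-2021-45105 move to `investigated: true` with `unaffected_versions: - All Platforms`, and the notes are cleared. Anyone who filters the database by timestamp to pick up revised vendor statements will miss this revision; I would set `last_updated: '2022-02-14T00:00:00'` (the commit date), or the revision date of the advisory if that is what the field is meant to track. The same applies to the hunks at -4622, -4650, -4683 and -4717. With `notes: ''` and `references` still `- ''`, nothing in the entry records which revision of CTX335705 the "not affected" status was taken from, so a short note naming it would make the change auditable. Each entry starts above its hunk, so the product names are not visible here.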
@@ -4650,27 +4646,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4683,27 +4678,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4717,27 +4711,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4750,31 +4743,23 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [10.14 RP3, 10.13 RP6, 10.12 RP11] unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
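Review bot: Setting `notes: ''` in this hunk drops the one operational caveat the old entry carried. That note told customers who had upgraded XenMobile Server not to apply the responder policy to the Citrix ADC vserver, because it may impact enrollment of Android devices, and it linked the per-release patch articles (CTX335763, CTX335753, CTX335785). The new `fixed_versions` lists record the patch levels but not the caveat, so I would keep a shortened note such as `notes: 'Per-release patch articles are linked from the vendor advisory. After upgrading, do not apply the ADC responder policy (may affect Android enrollment).'`. The cve-2021-45105 values (`10.14 RP3, 10.13 RP6, 10.12 RP11`) replace text that said the investigation was still in progress, so they presumably come from a later revision of CTX335705 and are worth confirming. The entry's `vendor`/`product` lines are above the hunk.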
@@ -4787,27 +4772,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4820,27 +4804,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4859,22 +4842,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4887,30 +4868,24 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [Linux Virtual Delivery Agent 2112] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [Linux Virtual Delivery Agent 2112] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
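Review bot: For cve-2021-44228 and cve-2021-45046 this hunk fills `fixed_versions` but leaves `affected_versions: []`, and with `notes` emptied the record no longer says which Linux VDA builds were impacted. The removed note scoped the impact to non-LTSR Linux VDA and stated that Linux VDA LTSR and all other CVAD components are not impacted. A reader of the new record cannot tell an LTSR deployment from one that needs the 2112 update. I would either add `- 'Linux VDA (non-LTSR versions)'` under `affected_versions`, or keep a one-line note such as `notes: 'Only non-LTSR Linux VDA is impacted; Linux VDA LTSR and other CVAD components are not.'`. The product line of this entry is above the hunk.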
@@ -4929,22 +4904,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4957,27 +4930,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' From c1fa8e764aca1ee5fba0809dcea5f95e9dbadd90 Mon Sep 17 00:00:00 2001 
From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:15:05 -0500 Subject: [PATCH 23/27] Adjusted fix versions --- data/cisagov_C.yml | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 5a553a2..ed26121 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4745,17 +4745,26 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45105: investigated: true affected_versions: [] - fixed_versions: [10.14 RP3, 10.13 RP6, 10.12 RP11] + fixed_versions: + - '10.14 RP3' + - '10.13 RP6' + - '10.12 RP11' unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 @@ -4870,12 +4879,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [Linux Virtual Delivery Agent 2112] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [Linux Virtual Delivery Agent 2112] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45105: investigated: true From fe8c12349bc86cdc7c51eede11122fd90e5d91d1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:35:03 -0500 Subject: [PATCH 24/27] Fix trailing whitespace --- data/cisagov_C.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ed26121..b484a43 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml 
@@ -4702,7 +4702,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -4790,7 +4790,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: + unaffected_versions: - All Platforms cve-2021-45105: investigated: true From 79616e8d66dede61e962c970aab2fda12e37c2d4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:38:27 -0500 Subject: [PATCH 25/27] Revert "Update cisagov_C.yml" --- data/cisagov_C.yml | 247 ++++++++++++++++++++++++--------------------- 1 file changed, 132 insertions(+), 115 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index b484a43..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4588,20 +4588,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' 
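Review bot: The first hunk of the "Fix trailing whitespace" patch (`@@ -4702,7 +4702,7 @@`) changes data, not trailing whitespace. As far as this view shows, it rewrites the `product` value from `(ShareFile Integration) – Citrix Files for` to `(ShareFile Integration)–Citrix Files for`, removing the spaces around the en dash inside the name. Product names are what consumers of this list match on, so a change to the string should be deliberate and named in the commit subject. If the linter was flagging that line, I would keep the name as published and quote the scalar instead, e.g. `product: 'Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook'`. The second hunk (`@@ -4790,7 +4790,7 @@`) is the actual whitespace fix.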
@@ -4620,20 +4622,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4646,26 +4650,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4678,31 +4683,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: 
@@ -4711,26 +4717,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4743,32 +4750,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.14 RP3' - - '10.13 RP6' - - '10.12 RP11' + fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised + to apply the latest CEM rolling patch updates listed below as soon as possible + to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); + [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); + and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). + Note: Customers who have upgraded their XenMobile Server to the updated versions + are recommended not to apply the responder policy mentioned in the blog listed + below to the Citrix ADC vserver in front of the XenMobile Server as it may impact + the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4781,26 +4787,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4813,26 +4820,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4851,20 +4859,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4877,26 +4887,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4915,20 +4929,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4941,26 +4957,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' From 06dc0d8bdd35e00d25c3db34855e79f63e22e4b4 Mon Sep 17 00:00:00 2001 
From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:59:20 -0500 Subject: [PATCH 26/27] Update Citrix products --- data/cisagov_C.yml | 247 +++++++++++++++++++++------------------------ 1 file changed, 115 insertions(+), 132 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ab59ef7..b484a43 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4588,22 +4588,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4622,22 +4620,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4650,27 +4646,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4683,32 +4678,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: 
@@ -4717,27 +4711,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4750,31 +4743,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.14 RP3' + - '10.13 RP6' + - '10.12 RP11' unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4787,27 +4781,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4820,27 +4813,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4859,22 +4851,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -4887,30 +4877,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
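Review bot: The `fixed_versions: - 'Linux Virtual Delivery Agent 2112'` entries lose the scoping that the removed note gave: only Linux VDA non-LTSR was impacted, while Linux VDA LTSR and all other CVAD components were not. With `notes: ''` a consumer of the record sees a product-wide "fixed in 2112" and may either schedule unnecessary upgrades of LTSR deployments or treat unrelated components as having been vulnerable. I would keep one line of scope, e.g. `notes: 'Impacted: Linux VDA non-LTSR only (fixed in Linux VDA 2112). Not impacted: Linux VDA LTSR, all other CVAD components.'`. The removed note also recorded that build 21.12.0.30 contains log4j 2.17.0, which is the detail backing the `cve-2021-45105` "All Platforms" line. The entry's product header is above the hunk.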
@@ -4929,22 +4915,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4957,27 +4941,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' From fd89a69603318788a4acb2e33e6ae53a66ed0ec1 Mon Sep 17 00:00:00 2001 
From: cisagovbot <65734717+cisagovbot@users.noreply.github.com>
Date: Mon, 14 Feb 2022 22:06:02 +0000
Subject: [PATCH 27/27] Update the software list
---
SOFTWARE-LIST.md | 24 ++---
data/cisagov.yml | 247 +++++++++++++++++++++------------------------
data/cisagov_C.yml | 22 ++--
3 files changed, 138 insertions(+), 155 deletions(-)
diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index 61321b9..a9552e2 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -745,18 +745,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Cisco | duo network gateway (on-prem/self-hosted) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Exony Virtualized Interaction Manager (VIM) | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Cloud Connector | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Connector Appliance for Cloud Services | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Hypervisor (XenServer) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix License Server | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for additional mitigations. For CVE-2021-45105: Investigation has shown that Linux VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: Linux VDA LTSR all versions; All other CVAD components. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | ShareFile Storage Zones Controller | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Cloud Connector | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Connector Appliance for Cloud Services | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | 10.14 RP2, 10.13 RP5, 10.12 RP10 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Hypervisor 
(XenServer) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix License Server | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | Linux Virtual Delivery Agent 2112 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | ShareFile Storage Zones Controller | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 7f791b8..6f63573 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml 
@@ -21569,22 +21569,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21603,22 +21601,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21631,27 +21627,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21664,32 +21659,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: 
@@ -21698,27 +21692,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21731,31 +21724,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21768,27 +21762,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21801,27 +21794,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21840,22 +21832,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21868,30 +21858,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
@@ -21910,22 +21896,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21938,27 +21922,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' 
diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index b484a43..a17ca4c 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4746,25 +4746,25 @@ software: investigated: true affected_versions: [] fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: investigated: true affected_versions: [] fixed_versions: - - '10.14 RP3' - - '10.13 RP6' - - '10.12 RP11' + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 @@ -4880,13 +4880,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: investigated: true