1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 08:30:48 +00:00

Add GitHub, Gitlab, GoAnywhere products

This commit is contained in:
justmurphy 2022-02-02 16:11:36 -05:00 committed by GitHub
parent 0a5a312ade
commit 584a6904f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -90,9 +90,8 @@ software:
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently
in development environment and the team is currently deploying the fixes in deploying the fixes in the production environment.
the production environment.
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
@ -122,8 +121,7 @@ software:
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power is still validating the workaround provided by FoxGuard in notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice M1221-S01.
Technical Information Notice M1221-S01.
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
@ -153,12 +151,11 @@ software:
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x).
is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
from link in reference section. This update is available to customer only and been reviewed by CISA.
has not been reviewed by CISA.
references: references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420'
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power - vendor: GE Gas Power
product: Control Server product: Control Server
@ -186,8 +183,7 @@ software:
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Please see vCenter. Control Server is not directly impacted. It is impacted notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter.
through vCenter.
references: references:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
@ -337,14 +333,14 @@ software:
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the update provided by Vmware. The notes: GE Gas Power has tested and validated the update provided by Vmware.
update and instructions can be downloaded from link in reference section. This The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not
update is available to customer only and has not been reviewed by CISA. been reviewed by CISA.
references: references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417'
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
- vendor: GE Healthcare - vendor: GE Healthcare
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -374,7 +370,7 @@ software:
- '' - ''
last_updated: '2021-12-22T00:00:00' last_updated: '2021-12-22T00:00:00'
- vendor: Gearset - vendor: Gearset
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -403,7 +399,7 @@ software:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Genesys - vendor: Genesys
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -432,7 +428,7 @@ software:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GeoServer - vendor: GeoServer
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -460,8 +456,68 @@ software:
references: references:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gerrit code review - vendor: GeoSolutions
product: '' product: GeoNetwork
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
'All'
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
notes: ''
references:
- ''
last_updated: '2021-12-16T07:18:50+00:00'
- vendor: GeoSolutions
product: GeoServer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 'All'
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
notes: ''
references:
- ''
last_updated: '2021-12-16T07:18:50+00:00'
- vendor: Gerrit Code Review
product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -489,8 +545,8 @@ software:
references: references:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI - vendor: GFI Software
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -518,8 +574,38 @@ software:
references: references:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI Software
product: Kerio Connect
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghidra - vendor: Ghidra
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -547,6 +633,36 @@ software:
references: references:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghisler
product: Total Commander
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ghisler.com/whatsnew.htm
notes: Third Party plugins might contain log4j.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gigamon - vendor: Gigamon
product: Fabric Manager product: Fabric Manager
cves: cves:
@ -557,9 +673,9 @@ software:
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions: []
- <5.13.01.02 fixed_versions:
fixed_versions: [] - '<5.13.01.02'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -608,8 +724,8 @@ software:
references: references:
- '' - ''
last_updated: '2021-12-17T00:00:00' last_updated: '2021-12-17T00:00:00'
- vendor: GitLab - vendor: GitHub
product: '' product: GitHub Enterprise Server
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -617,9 +733,13 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- '3.0.22'
- '3.1.14'
- '3.2.6'
- '3.3.1'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -632,13 +752,223 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763 - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: GitLab
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: DAST Analyzer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Dependency Scanning
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Gemnasium-Maven
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: PMD OSS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: SAST
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Spotbugs
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: '' notes: ''
references: references:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Globus - vendor: Globus
product: '' product: All
cves: cves:
cve-2021-4104: cve-2021-4104:
investigated: false investigated: false
@ -666,6 +996,36 @@ software:
references: references:
- '' - ''
last_updated: '2022-01-12T07:18:50+00:00' last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GoAnywhere
product: Agents
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere - vendor: GoAnywhere
product: Gateway product: Gateway
cves: cves:
@ -676,9 +1036,9 @@ software:
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions: []
- < 2.8.4 fixed_versions:
fixed_versions: [] - 'Version 2.7.0 or later'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -706,9 +1066,9 @@ software:
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions: []
- < 6.8.6 fixed_versions:
fixed_versions: [] - 'Version 5.3.0 or later'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -737,7 +1097,7 @@ software:
cve-2021-44228: cve-2021-44228:
investigated: true investigated: true
affected_versions: affected_versions:
- < 1.6.5 - '1.4.2 or later'
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
@ -752,6 +1112,66 @@ software:
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected.
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Open PGP Studio
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Suveyor/400
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: '' notes: ''
references: references:
- '' - ''
@ -4931,7 +5351,7 @@ software:
investigated: true investigated: true
affected_versions: [] affected_versions: []
fixed_versions: fixed_versions:
- < 2021.3.6 - '< 2021.3.6'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -4961,7 +5381,7 @@ software:
investigated: true investigated: true
affected_versions: [] affected_versions: []
fixed_versions: fixed_versions:
- < 10.1 - '< 10.1'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false
@ -4991,7 +5411,7 @@ software:
investigated: true investigated: true
affected_versions: [] affected_versions: []
fixed_versions: fixed_versions:
- < 1.6.2 - '< 1.6.2'
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: false