From 3bdde3eac3d49e7c280bca9297a847e405e251a5 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:41:22 -0500 Subject: [PATCH 01/25] Update Daktronics entries --- data/cisagov_D.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index f8738da..3b9a85c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -74,7 +74,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - DWP-1000 + - 'DWP-1000' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89,8 +89,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -166,7 +166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - P10 + - 'P10' cve-2021-45046: investigated: false affected_versions: [] @@ -196,13 +196,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - AMP-R200 - - AMP-R400 - - AMP-R800 - - AMP-SM100 - - AMP-SE100 - - AMP-SM200 - - AMP-SM400 + - 'AMP-R200' + - 'AMP-R400' + - 'AMP-R800' + - 'AMP-SM100' + - 'AMP-SE100' + - 'AMP-SM200' + - 'AMP-SM400' cve-2021-45046: investigated: false affected_versions: [] @@ -244,8 +244,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + notes: DMS Web Player not present in our codebase, but awaiting confirmation + from LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -262,7 +262,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3257 + - 'A-3257' - '3256' - '2270' - '2269' @@ -296,7 +296,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3189335 + - 'A-3189335' - '3128' - '3416' - '3418' @@ -332,7 +332,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-4036028 + - 'A-4036028' cve-2021-45046: investigated: false affected_versions: [] @@ -362,7 +362,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3665 + - 'A-3665' cve-2021-45046: investigated: false affected_versions: [] @@ -390,7 +390,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - A-3350704 + - 'A-3350704' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From 5e5fee897e66584847474963f25bb47d8c297909 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:12:12 -0500 Subject: [PATCH 02/25] Update Darktrace entry --- data/cisagov_D.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3b9a85c..3d4ba8e 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -588,7 +588,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: DarkTrace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -612,7 +612,7 @@ software: unaffected_versions: [] vendor_links: - https://customerportal.darktrace.com/inside-the-soc/get-article/201 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' From a509271b8aa3dcc368933e154fb91db40ec743a0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:15:18 -0500 Subject: [PATCH 03/25] Update Dassualt & Databricks --- data/cisagov_D.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3d4ba8e..4c3f8f2 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -617,7 +617,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -641,12 +641,12 @@ software: unaffected_versions: [] vendor_links: - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -675,10 +675,10 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog - product: Datadog Agent + product: Agent cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -687,9 +687,9 @@ software: affected_versions: [] fixed_versions: - '>=6.17.0' - - <=6.32.2 + - '<=6.32.2' - '>=7.17.0' - - <=7.32.2 + - '<=7.32.2' unaffected_versions: [] cve-2021-45046: investigated: false From f89db346a6fc52f43d2e303f06c17e324c7265bf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:24:17 -0500 Subject: [PATCH 04/25] Add Datadog entries --- data/cisagov_D.yml | 69 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 3 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 4c3f8f2..29c18a3 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -675,13 +675,14 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog - product: Agent + product: Datadog Agent cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -703,7 +704,69 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: '' + notes: JMX monitoring component leverages an impacted version of log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' From cbd9ed7fe22cba5a9f1e2c89b2c7ec28b14ce4fe Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:34:54 -0500 Subject: [PATCH 05/25] Add DBeaver, small edits --- data/cisagov_D.yml | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 29c18a3..eb5f5af 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -771,7 +771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -829,7 +829,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -857,8 +857,41 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: dCache.org - product: '' + product: All cves: cve-2021-4104: investigated: false From fda6ce74fd36ed80cee4633764bc11ce5af14d39 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:38:08 -0500 Subject: [PATCH 06/25] Add Debian products --- data/cisagov_D.yml | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index eb5f5af..386a6b0 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -920,18 +920,51 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian - product: '' + product: Apache-log4j.1.2 cves: cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-tracker.debian.org/tracker/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j2 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] From ccc0e36e0e159fffad003a0afa302ff2cf630e18 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:42:22 -0500 Subject: [PATCH 07/25] remove trailing whitespace, Datadog --- data/cisagov_D.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 386a6b0..9834dd3 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -766,7 +766,7 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). + notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' From 66c8be9a318b29ebe79dffb14ae2e66ee12b83c7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:52:44 -0500 Subject: [PATCH 08/25] Add Decos products --- data/cisagov_D.yml | 227 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 227 insertions(+) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 9834dd3..13e8e18 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -981,6 +981,233 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Decos + product: Cloud + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' - vendor: Deepinstinct product: '' cves: From 8f52bdb4d26db77eb79f90cbe9cfc001d12cb3b7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 14:13:46 -0500 Subject: [PATCH 09/25] Update/add Dell products through Avamar vproxy --- data/cisagov_D.yml | 207 +++++++++++++++++++-------------------------- 1 file changed, 86 insertions(+), 121 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 13e8e18..754078e 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1209,7 +1209,7 @@ software: - '' last_updated: '2022-02-01T07:18:50+00:00' - vendor: Deepinstinct - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1237,90 +1237,33 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Alienware Command Center cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1331,26 +1274,29 @@ software: product: Alienware OC Controls cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1361,26 +1307,29 @@ software: product: Alienware On Screen Display cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1391,26 +1340,29 @@ software: product: Alienware Update cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1421,29 +1373,32 @@ software: product: APEX Console cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - - N/A + - '' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' @@ -1451,28 +1406,32 @@ software: product: APEX Data Storage Services cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: Cloud environment patch in progress. references: - '' last_updated: '2021-12-15T00:00:00' @@ -1480,26 +1439,29 @@ software: product: Atmos cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1507,29 +1469,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Avamar vproxy cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' From 84754ab03e06700775d13152db4291a0c3d6ebce Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 14:29:49 -0500 Subject: [PATCH 10/25] Update/Add Dell products, through Cloud --- data/cisagov_D.yml | 224 ++++++++++++++++++++++++++++++++------------- 1 file changed, 159 insertions(+), 65 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 754078e..739fcf6 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1505,26 +1505,29 @@ software: product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1535,26 +1538,29 @@ software: product: CalMAN Ready for Dell cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1565,26 +1571,29 @@ software: product: Centera cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1595,26 +1604,29 @@ software: product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1625,26 +1637,29 @@ software: product: Chassis Management Controller (CMC) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1655,26 +1670,29 @@ software: product: China HDD Deluxe cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1685,28 +1703,32 @@ software: product: Cloud IQ cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' @@ -1714,26 +1736,29 @@ software: product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1744,26 +1769,95 @@ software: product: Cloud Tiering Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CloudIQ Collector + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Common Event Enabler + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' From b7bacc95e446e0fc6671f1db3413c6a1d862fad7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 14:33:56 -0500 Subject: [PATCH 11/25] Fix indent issue --- data/cisagov_D.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 739fcf6..f08f4ee 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1521,13 +1521,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '' cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' From b73968802b10dacf46fe9aded68cf93780ab4ce6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:47:55 -0500 Subject: [PATCH 12/25] Update/Add Dell products through Data Domain --- data/cisagov_D.yml | 62 +++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index f08f4ee..9100be3 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1868,26 +1868,29 @@ software: product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1898,36 +1901,39 @@ software: product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + 'Versions prior to 11.5(1x)' fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: Patch expected by 12/23/21. references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connectrix B-Series SANnav cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1938,26 +1944,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: Patch expected by 2/28/2022. references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connextrix B Series cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1966,14 +1972,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1996,7 +2002,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2026,7 +2032,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2054,7 +2060,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2071,7 +2077,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-274 references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell BSAFE Crypto-C Micro Edition From 498fcbbf71e7b13aed05067e55ea63b0bb556ab2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:05:32 -0500 Subject: [PATCH 13/25] Update Dell Products through Dell EMC DCA --- data/cisagov_D.yml | 109 ++++++++++++++++++++++++++++++--------------- 1 file changed, 72 insertions(+), 37 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 9100be3..df05ebd 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -2092,7 +2092,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2122,7 +2122,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2152,7 +2152,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2182,7 +2182,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2212,7 +2212,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2242,7 +2272,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2272,7 +2302,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2302,7 +2332,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2332,7 +2362,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2362,7 +2392,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2392,7 +2422,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2422,7 +2452,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2452,7 +2482,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2482,7 +2512,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2512,7 +2542,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2542,7 +2572,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2572,7 +2602,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2602,7 +2632,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2632,7 +2662,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2662,7 +2692,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2692,7 +2722,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2722,7 +2752,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2752,7 +2782,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2782,7 +2812,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2812,7 +2842,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2842,7 +2872,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2900,7 +2930,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2915,9 +2949,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: Patch expected by 12/20/21. references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC BSN Controller Node @@ -2930,7 +2964,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2946,7 +2981,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-305 references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloud Disaster Recovery @@ -2959,7 +2994,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - 'Versions from 19.6 and later' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2976,7 +3011,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch pending references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloudboost @@ -2991,7 +3026,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,7 +3056,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3051,7 +3086,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3081,7 +3116,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From f9cb625c7d030bc65344a03f5d8aea5732a09e90 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 12:37:44 -0500 Subject: [PATCH 14/25] Update Dell to Storage Analytics --- data/cisagov_D.yml | 111 ++++++++++++++++++++++++--------------------- 1 file changed, 60 insertions(+), 51 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index df05ebd..ed70ff1 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1906,7 +1906,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: 'Versions prior to 11.5(1x)' fixed_versions: [] @@ -1927,7 +1927,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/23/21. references: - - 'https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connectrix B-Series SANnav @@ -1957,7 +1957,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 2/28/2022. references: - - 'https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connextrix B Series @@ -2060,7 +2060,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions from 7.3.0.5 to 7.7.0.6 + - 'Versions from 7.3.0.5 to 7.7.0.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2077,7 +2077,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-274 references: - - 'https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell BSAFE Crypto-C Micro Edition @@ -2902,7 +2902,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2951,7 +2951,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/20/21. references: - - 'https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC BSN Controller Node @@ -2962,7 +2962,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: - '' @@ -2981,7 +2981,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-305 references: - - 'https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloud Disaster Recovery @@ -3011,7 +3011,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch pending references: - - 'https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046' + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloudboost @@ -3144,9 +3144,16 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '18.x (or earlier) -standalone DPA is EOSL' + - '18.2.x (IDPA)' + - '19.1.x' + - '19.2.x' + - '19.3.x' + - '19.4.x' + - '19.5.x' + - '19.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3161,7 +3168,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - - '' + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Data Protection Central @@ -3172,9 +3179,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '18.2.x-19.4.x' + - '19.5.0-19.5.0.7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3188,9 +3197,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: See DSA-2021-269 references: - - '' + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Data Protection Search @@ -3203,7 +3212,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions before 19.5.0.7 + - 'Versions before 19.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3220,7 +3229,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-279 references: - - '' + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC DataIQ @@ -3235,7 +3244,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3265,7 +3274,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3282,35 +3291,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC ECS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: @@ -5920,6 +5900,35 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/18/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Embedded NAS cves: From 2f15a136a76c72ec4b0fd871f5bcfae62d098d87 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 12:54:51 -0500 Subject: [PATCH 15/25] Update Dell to Ansible Modules --- data/cisagov_D.yml | 55 ++++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index ed70ff1..ef2535c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3302,7 +3302,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + - '<6.0.0' + - '6.1.0' + - '6.2.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3319,7 +3321,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-278 references: - - '' + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC GeoDrive @@ -3334,7 +3336,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3362,7 +3364,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3377,13 +3379,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + Azure Stack HCI monitor the following advisories. See DSA-2021-307. references: - - '' + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Integrated System for Microsoft Azure Stack Hub @@ -3396,7 +3397,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3411,7 +3412,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 2022-01-31. references: - '' last_updated: '2021-12-15T00:00:00' @@ -3428,7 +3429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3458,7 +3459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3486,7 +3487,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.x + - 'Versions before 7.0.1 P2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3503,10 +3504,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-308 references: - - '' + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: Dell EMC NetWorker cves: cve-2021-4104: investigated: false @@ -3516,7 +3517,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - '19.4.x' + - '19.5.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3533,10 +3535,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Dell EMC NetWorker VE cves: cve-2021-4104: investigated: false @@ -3546,7 +3548,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - '19.4.x' + - '19.5.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3563,7 +3566,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Networking Onie @@ -3578,7 +3581,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3605,10 +3608,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3621,7 +3624,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' @@ -3638,7 +3641,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From 70aae6a92bc9e70746d584ddd293effeb30e81fc Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:19:55 -0500 Subject: [PATCH 16/25] Update Dell through Powerflex Alliance --- data/cisagov_D.yml | 98 ++++++++++++++++++++++++++++++---------------- 1 file changed, 64 insertions(+), 34 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index ef2535c..87f385c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3658,6 +3658,66 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise Modular + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'Versions before 1.40.10' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-268 + references: + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Enterprise Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'Version 1.2 and earlier' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21 + references: + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC OpenManage integration for Splunk cves: @@ -3671,7 +3731,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3701,7 +3761,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3731,7 +3791,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3762,7 +3822,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5094,36 +5154,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Open Management Enterprise - Modular - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - <1.40.10 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell OpenManage Change Management cves: From ac0bbc41e45ad55b98921e715518dc61d6f4ff09 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:22:40 -0500 Subject: [PATCH 17/25] Remove EMC Enterprise Services duplicate --- data/cisagov_D.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 87f385c..3562bd5 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -5814,35 +5814,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: DellEMC OpenManage Enterprise Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dream Catcher cves: From c7d20ebfded0f033eb8a16eb9094c7512aae386d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:59:51 -0500 Subject: [PATCH 18/25] Update Dell products through EMC PowerShell --- data/cisagov_D.yml | 133 ++++++++++++++++++++++++--------------------- 1 file changed, 72 insertions(+), 61 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3562bd5..9a081de 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3658,6 +3658,36 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'Versions before 3.8.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-275 + references: + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell OpenManage Enterprise Modular cves: @@ -3850,8 +3880,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3866,9 +3895,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-293. references: - - '' + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerFlex Rack @@ -3881,7 +3910,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - 'RCM 3.3 train - all versions up to 3.3.11.0' + - 'RCM 3.4 train - all versions up to 3.4.6.0' + - 'RCM 3.5 train - all versions up to 3.5.6.0' + - 'RCM 3.6 train - all versions up to 3.6.2.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3896,9 +3928,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-292. references: - - '' + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerFlex Software (SDS) @@ -3911,7 +3943,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - '3.5' + - '3.5.1' + - '3.5.1.1' + - '3.5.1.2' + - '3.5.1.3' + - '3.5.1.4' + - '3.6' + - '3.6.0.1' + - '3.6.0.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3926,9 +3966,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-272. references: - - '' + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerPath @@ -3943,7 +3983,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3973,7 +4013,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4003,7 +4043,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4031,7 +4071,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions 19.9 and earlier + - 'All versions 19.9 and earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4046,9 +4086,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-286. references: - - '' + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerProtect DP Series Appliance (iDPA) @@ -4061,7 +4101,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.7.0 and earlier + - '2.7.0 and earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4076,9 +4116,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA 2021-285. references: - - '' + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerScale OneFS @@ -4093,7 +4133,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4123,7 +4163,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4153,7 +4193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4183,7 +4223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4209,8 +4249,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'Versions before 2.0.1.3-1538564' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4225,9 +4266,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-295. references: - - '' + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerVault MD3 Series Storage Arrays @@ -4242,7 +4283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5095,7 +5136,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -5125,7 +5166,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -6773,37 +6814,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: OpenManage Integration for Microsoft System Center for System Center Operations Manager cves: cve-2021-4104: investigated: false From f5f56dfe7dca81e44c98c443220b2237ba841219 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:04:05 -0500 Subject: [PATCH 19/25] Fix trailing whitespace in versions --- data/cisagov_D.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 9a081de..1f45e5e 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3946,9 +3946,9 @@ software: - '3.5' - '3.5.1' - '3.5.1.1' - - '3.5.1.2' - - '3.5.1.3' - - '3.5.1.4' + - '3.5.1.2' + - '3.5.1.3' + - '3.5.1.4' - '3.6' - '3.6.0.1' - '3.6.0.2' From 09c0725de1499cef357dcbee0558bffc862aa333 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:53:40 -0500 Subject: [PATCH 20/25] Add/Update through DUP --- data/cisagov_D.yml | 349 +++++++++++++++++++++++++++++++-------------- 1 file changed, 240 insertions(+), 109 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1f45e5e..d1a7da5 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -4271,7 +4271,37 @@ software: - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC PowerSwitch Z9264F-ON BMC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerSwitch Z9432F-ON BMC cves: cve-2021-4104: investigated: false @@ -4313,7 +4343,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4331,7 +4361,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Dell EMC RecoverPoint cves: cve-2021-4104: investigated: false @@ -4341,7 +4371,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All 5.1.x and later versions + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4356,39 +4386,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA 2021-284. references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All 5.0.x and later versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Repository Manager (DRM) @@ -4403,7 +4403,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4429,9 +4429,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4447,7 +4448,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Ruckus SmartZone 300 Controller @@ -4458,9 +4459,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4476,7 +4478,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Ruckus Virtual Software @@ -4487,9 +4489,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4505,7 +4508,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC SourceOne @@ -4520,7 +4523,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4538,7 +4541,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Dell EMC SRM cves: cve-2021-4104: investigated: false @@ -4547,9 +4550,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Versions before 4.6.0.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4563,9 +4566,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: See DSA-2021-301. references: - - '' + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Streaming Data Platform @@ -4576,8 +4579,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '1.1' + - '1.2' + - '1.2 HF1' + - '1.3' + - '1.3.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4592,9 +4600,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: See DSA-2021-297. references: - - '' + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Systems Update (DSU) @@ -4609,7 +4617,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4639,7 +4647,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4665,9 +4673,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4681,9 +4690,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: See DSA-2021-294. references: - - '' + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Virtual Storage Integrator @@ -4698,7 +4707,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4728,7 +4737,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4746,7 +4755,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Dell EMC vProtect cves: cve-2021-4104: investigated: false @@ -4756,7 +4765,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + - '19.5-19.9' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4771,9 +4780,71 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2022-007. references: - - '' + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC VxRail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '4.5.x' + - '4.7.x' + - '7.0.x' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-265. + references: + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC XC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-311. + references: + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC XtremIO @@ -4788,7 +4859,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4818,7 +4889,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4848,7 +4919,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4878,7 +4949,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4908,7 +4979,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4938,7 +5009,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4968,7 +5039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4998,7 +5069,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Memory Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5028,7 +5129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5058,7 +5159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5088,7 +5189,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5118,7 +5219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5148,7 +5249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5178,7 +5279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5208,7 +5309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5226,7 +5327,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -5238,7 +5339,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise CloudIQ plugin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5268,7 +5399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5298,7 +5429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5328,7 +5459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5358,7 +5489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5388,7 +5519,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5418,7 +5549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5448,7 +5579,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5478,7 +5609,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5508,7 +5639,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5538,7 +5669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5568,7 +5699,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5598,7 +5729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5628,7 +5759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5658,7 +5789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5688,7 +5819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5718,7 +5849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5748,7 +5879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5778,7 +5909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5808,7 +5939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5838,7 +5969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5868,7 +5999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5898,7 +6029,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5928,7 +6059,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From 12d381b5426114e8a5bb2fab543026a1974ec875 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:57:41 -0500 Subject: [PATCH 21/25] Fix trailing whitespace --- data/cisagov_D.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index d1a7da5..3a3e7a4 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -4581,7 +4581,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1.1' + - '1.1' - '1.2' - '1.2 HF1' - '1.3' From 74c0f645adcb3a0bc8ed5196bdc74f76db5c4c45 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:13:12 -0500 Subject: [PATCH 22/25] Update to Dell Secure Connect --- data/cisagov_D.yml | 349 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 268 insertions(+), 81 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3a3e7a4..c66647c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -6085,9 +6085,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3.x' + - '3.4.x' + - '3.5.x' + - '3.6.0.x' + - '3.6.1.x' + - '3.6.2.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6101,9 +6107,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: See DSA-2021-273. references: - - '' + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Embedded NAS @@ -6118,7 +6124,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6148,7 +6154,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6174,10 +6180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6190,9 +6197,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: See DSA-2021-270. references: - - '' + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Equallogic PS @@ -6207,7 +6214,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6237,7 +6244,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6267,7 +6274,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6297,7 +6304,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6327,7 +6334,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6357,7 +6364,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6387,7 +6394,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Drive & Storage Media + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6417,7 +6454,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6447,7 +6484,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6477,7 +6514,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: MDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6507,7 +6574,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6537,7 +6604,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6567,7 +6634,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6597,7 +6664,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6627,7 +6694,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6657,7 +6724,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking OS 9 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6687,37 +6784,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Networking OS9 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6747,7 +6814,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6777,7 +6844,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6807,7 +6874,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6837,7 +6904,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6867,7 +6934,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6897,7 +6964,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6927,7 +6994,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6957,7 +7024,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6987,7 +7054,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7017,7 +7084,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Power Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7047,7 +7144,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7077,7 +7174,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7107,7 +7204,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Accelerator Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7137,7 +7264,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Networking Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7167,7 +7324,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge RAID Controller Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7197,7 +7384,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7227,7 +7414,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7257,7 +7444,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7287,7 +7474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7317,7 +7504,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7347,7 +7534,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7377,7 +7564,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7407,7 +7594,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7437,7 +7624,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From b8e8b9b3644ccc62f66a09196ab1055063dc8c0c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:45:34 -0500 Subject: [PATCH 23/25] Finish update Dell products --- data/cisagov_D.yml | 278 ++++++++++++++++++++++++++------------------- 1 file changed, 159 insertions(+), 119 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index c66647c..a93b7dc 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -7669,7 +7669,37 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-282 references: - - '' + - '[]' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 + references: + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Secure Connect Gateway (SCG) Policy Manager @@ -7681,9 +7711,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '5.00.00.10' + - '5.00.05.10' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7699,7 +7730,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-281 references: - - '' + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Server Storage @@ -7714,7 +7745,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7744,7 +7775,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7774,7 +7805,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7804,7 +7835,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7834,7 +7865,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7864,7 +7895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7894,7 +7925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7924,7 +7955,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7951,9 +7982,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7967,9 +7998,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-287. references: - - '' + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: SRS VE @@ -7984,7 +8015,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8010,8 +8041,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '16.x' + - '17.x' + - '18.x' + - '19.x' + - '20.1.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8026,9 +8062,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-310. references: - - '' + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Storage Center OS and additional SC applications unless otherwise noted @@ -8043,7 +8079,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8073,7 +8109,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8103,7 +8139,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8129,8 +8165,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2.0.70 and earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8145,9 +8182,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-283. references: - - '' + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: UCC Edge @@ -8162,7 +8199,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8188,9 +8225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'Versions before 4.0 SP 9.2 (4.0.9.1541235)' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8204,9 +8242,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: See DSA-2021-296. references: - - '' + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Unisphere for PowerMax @@ -8221,7 +8259,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8251,7 +8289,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8281,7 +8319,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8311,7 +8349,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8341,7 +8379,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8367,8 +8405,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8383,9 +8422,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: ViPR Controller @@ -8400,7 +8439,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8428,7 +8467,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - '8.2 8.3 8.4 8.5 and 8.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8458,7 +8497,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - '8.2 8.3 8.4 8.5 and 8.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8477,6 +8516,36 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX Control Station + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: VNX1 cves: @@ -8490,7 +8559,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8520,7 +8589,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8547,9 +8616,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Versions 3.1.16.10220572 and earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8563,9 +8632,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-299 references: - - '' + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: VNXe 3200 @@ -8577,9 +8646,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 3.1.15.10216415 and earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8593,9 +8662,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-298 references: - - '' + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: VPLEX VS2/VS6 / VPLEX Witness @@ -8610,7 +8679,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8629,35 +8698,6 @@ software: last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRealize Data Protection Extension Data Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x cves: cve-2021-4104: investigated: false @@ -8666,9 +8706,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8682,9 +8722,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-290. references: - - '' + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage @@ -8696,9 +8736,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8712,9 +8752,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: See DSA-2021-300. references: - - '' + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRO Plugin for Dell EMC PowerMax @@ -8726,9 +8766,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.2.3 or earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 1.2.3 or earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8756,9 +8796,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 1.1.0 or earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8787,7 +8827,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 1.1.4 or earlier + - 'Version 1.1.4 or earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8817,7 +8857,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 1.0.6 or earlier + - 'Version 1.0.6 or earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8847,7 +8887,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 4.1.2 or earlier + - 'Version 4.1.2 or earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8879,7 +8919,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8905,7 +8945,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -8921,9 +8961,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Warnado MLK (firmware) @@ -8938,7 +8978,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8965,9 +9005,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8983,7 +9023,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-267 references: - - '' + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Wyse Proprietary OS (ThinOS) @@ -8998,7 +9038,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9028,7 +9068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From a2d943dd32af514c2da4330b0086b6cea278cc95 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:54:50 -0500 Subject: [PATCH 24/25] Update Digi International products --- data/cisagov_D.yml | 219 +++++++++++++++++++++++++++------------------ 1 file changed, 130 insertions(+), 89 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index a93b7dc..839acdf 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -9116,7 +9116,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Denequa - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9145,7 +9145,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9153,10 +9153,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9174,7 +9175,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions - product: All products + product: All cves: cve-2021-4104: investigated: false @@ -9182,10 +9183,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9203,7 +9205,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9240,10 +9242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9269,10 +9272,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9298,10 +9302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9327,10 +9332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9356,10 +9362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9385,10 +9392,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9414,10 +9422,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9443,10 +9452,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9472,10 +9482,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9501,10 +9512,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9530,10 +9542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9559,10 +9572,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9588,10 +9602,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9617,10 +9632,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9646,10 +9662,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9675,10 +9692,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9704,10 +9722,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9733,10 +9752,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9762,10 +9782,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9791,10 +9812,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9820,10 +9842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9849,10 +9872,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9878,10 +9902,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9907,10 +9932,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9936,10 +9962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9965,10 +9992,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9994,10 +10022,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10023,10 +10052,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10052,10 +10082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10081,10 +10112,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10110,10 +10142,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10139,10 +10172,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10168,10 +10202,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10197,10 +10232,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10226,10 +10262,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10255,10 +10292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10284,10 +10322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10313,10 +10352,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10342,10 +10382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10363,7 +10404,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digicert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10392,7 +10433,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10450,7 +10491,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: DNSFilter - product: '' + product: All cves: cve-2021-4104: investigated: false From c3029622e24c489f6a02fb46887a47c5b9dd64db Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 16:07:53 -0500 Subject: [PATCH 25/25] Finish D Products, update Dynatrace entries --- data/cisagov_D.yml | 207 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 183 insertions(+), 24 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 839acdf..3bfc34b 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -10490,6 +10490,36 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: DNSFilter product: All cves: @@ -10520,7 +10550,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker - product: '' + product: Infrastructure cves: cve-2021-4104: investigated: false @@ -10528,10 +10558,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10544,12 +10575,12 @@ software: unaffected_versions: [] vendor_links: - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ - notes: '' + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10577,9 +10608,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + - vendor: DotCMS + product: Hybrid Content Management System cves: cve-2021-4104: investigated: false @@ -10587,10 +10617,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/dotCMS/core/issues/21393 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dräger + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://static.draeger.com/security + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: DrayTek + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10607,8 +10698,38 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: DSpace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10645,9 +10766,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10666,7 +10788,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -10674,10 +10796,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Extensions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10703,9 +10856,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10732,10 +10886,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10761,10 +10916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10790,9 +10946,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10819,9 +10976,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10848,9 +11006,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false