From a9091cacf82f9fbb12712ad3d517e0141719faba Mon Sep 17 00:00:00 2001 From: rajendrapshrestha Date: Thu, 23 Dec 2021 13:53:24 -0500 Subject: [PATCH 1/4] Update SOFTWARE-LIST.md Adding entries for Oracle Exadata and Oracle Enterprise Manager --- SOFTWARE-LIST.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 7d3fb15..aef8453 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2054,6 +2054,8 @@ download | | 12/20/2021 | | OpenNMS | | | | | [OpenNMS Link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | | | OpenSearch | | | | | [OpenSearch Discussion Link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | | | Oracle | | | Affected | | [Oracle Security Alert](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) [My Oracle Support Document](https://support.oracle.com/rs?type=doc&id=2827611.1) | The support document is available to customers only and has not been reviewed by CISA | | 12/17/2021 | +| Oracle | Exadata | | Affected | | | | | | +| Oracle | Enterprise Manager | | Affected | | | | | | | Orgavision | | | | | [Orgavision Link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | | | Osirium | PAM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | | Osirium | PEM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | From 6a5d1e8e1e92aec63b8eb7f0bb2059c789ea001f Mon Sep 17 00:00:00 2001 From: rajendrapshrestha Date: Thu, 30 Dec 2021 09:00:17 -0500 Subject: [PATCH 2/4] Update SOFTWARE-LIST.md Oracle Exadata & Oracle EM - Added affected version and link to Oracle site --- SOFTWARE-LIST.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 0ea45e0..a9a7240 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2069,8 +2069,8 @@ download | | 12/20/2021 | | OpenSearch | | | | | [OpenSearch Discussion Link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | | | OpenText | | | | | [OpenText Log4J Remote Code Execution](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | 12/23/2021 | | Oracle | | | Affected | | [Oracle Security Alert](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) [My Oracle Support Document](https://support.oracle.com/rs?type=doc&id=2827611.1) | The support document is available to customers only and has not been reviewed by CISA | | 12/17/2021 | -| Oracle | Exadata | | Affected | | | | | | -| Oracle | Enterprise Manager | | Affected | | | | | | +| Oracle | Exadata | <21.3.4 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | | | | +| Oracle | Enterprise Manager | 13.5 ,13.4 & 13.3.2 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | | | | | Orgavision | | | | | [Orgavision Link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | | | Osirium | PAM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | | Osirium | PEM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | From 3dce153b353e60cc217e5f29c4989f8853fbb98b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 30 Dec 2021 09:07:01 -0500 Subject: [PATCH 3/4] Add note & dates --- SOFTWARE-LIST.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 727a1e8..96db1ed 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2068,8 +2068,8 @@ This list was initially populated using information from the following sources: | OpenSearch | | | | | [OpenSearch Discussion Link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | | | OpenText | | | | | [OpenText Log4J Remote Code Execution](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | 12/23/2021 | | Oracle | | | Affected | | [Oracle Security Alert](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) [My Oracle Support Document](https://support.oracle.com/rs?type=doc&id=2827611.1) | The support document is available to customers only and has not been reviewed by CISA | | 12/17/2021 | -| Oracle | Exadata | <21.3.4 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | | | | -| Oracle | Enterprise Manager | 13.5 ,13.4 & 13.3.2 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | | | | +| Oracle | Exadata | <21.3.4 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 | +| Oracle | Enterprise Manager | 13.5 ,13.4 & 13.3.2 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 | | Orgavision | | | | | [Orgavision Link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | | | Osirium | PAM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | | Osirium | PEM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | From 1c363a75d198d988316d0c4d4379b26660b8bd5b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 30 Dec 2021 09:10:13 -0500 Subject: [PATCH 4/4] Fix bare urls Oracle --- SOFTWARE-LIST.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 96db1ed..13ebbff 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2068,8 +2068,8 @@ This list was initially populated using information from the following sources: | OpenSearch | | | | | [OpenSearch Discussion Link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | | | OpenText | | | | | [OpenText Log4J Remote Code Execution](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | 12/23/2021 | | Oracle | | | Affected | | [Oracle Security Alert](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) [My Oracle Support Document](https://support.oracle.com/rs?type=doc&id=2827611.1) | The support document is available to customers only and has not been reviewed by CISA | | 12/17/2021 | -| Oracle | Exadata | <21.3.4 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 | -| Oracle | Enterprise Manager | 13.5 ,13.4 & 13.3.2 | Affected | | https://www.oracle.com/security-alerts/alert-cve-2021-44228.html (patch status and other security guidance is restricted to Oracle account/support members) | The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 | +| Oracle | Exadata | <21.3.4 | Affected | | [https://www.oracle.com/security-alerts/alert-cve-2021-44228.html](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 | +| Oracle | Enterprise Manager | 13.5 ,13.4 & 13.3.2 | Affected | | [https://www.oracle.com/security-alerts/alert-cve-2021-44228.html](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 | | Orgavision | | | | | [Orgavision Link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | | | Osirium | PAM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | | | Osirium | PEM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | |