diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 651f889..2a2a8d0 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). @@ -27,6 +28,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -43,6 +45,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -200,12 +203,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Barco | | | | Unknown | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Barracuda | | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Baxter | | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Outlook® Safety Infusion System Pump family | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pinnacle® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -219,7 +222,75 @@ NOTE: This file is automatically generated. To submit updates, please refer to | BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Beckman Coulter | | | | Unknown | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU2700 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU480 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5400 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU640 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU680 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1200 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1250 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2500 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2550 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 Fit (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 520 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 560 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 600 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 690T (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 800 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 900 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS II (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM Autoplak (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1040 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1096 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Command Central (Information Systems) | | All | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Customers can follow instructions to remove log4j | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Insights (Information Systems) | | | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Patch has been applied. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Inventory Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Workflow Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxU Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUc (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUm (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HighFlexX Software (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX AL (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iChemVELOCITY (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | IMMAGE 800 (Nephelometry) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Intelligent Sample Banking ISB (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ipaw (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ200 (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iRICELL (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) | All | | Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | The only known instance of vulnerability due to Log4J is using Axeda services | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidemaker (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidestraine (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH750 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH780 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH785 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | MicroScan autoSCAN-4 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7300 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7400 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Express (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Link (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Processor (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PROService (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | RAP Box (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | REMISOL ADVANCE (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Sorting Drive (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 600 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 600 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 800 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beijer Electronics | acirro+ | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BFI frequency inverters | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BSD servo drives | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -344,14 +415,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -591,12 +664,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | CyberRes | | | | Unknown | [link](https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Daktronics | All Sport Pro | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dakronics Media Player | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| Daktronics | Dakronics Web Player | DWP-1000 | | Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| Daktronics | Dakronics Web Player | DWP-1000 | | Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000 is not present in our codebase, but awaiting confirmation from LG re webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Data Vision Software (DVS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DVS has one microservice that uses Log4j, but it uses a version that is not impacted. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System (DMS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System - DMS Core Player | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System - DMS Player hardware | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| Daktronics | Dynamic Messaging System - DMS Web Player | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| Daktronics | Dynamic Messaging System - DMS Web Player | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player not present in our codebase, but awaiting confirmation from LG re webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | IBoot - Dataprobe IBoot Devices | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Outdoor Smartlink Devices | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Routers - Cisco Meraki Z3/Z3c Routers | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | @@ -608,42 +681,54 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Daktronics | Venus Control Suite (VCS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Video Image Processors | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Webcam - Mobotix | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| DarkTrace | | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dassault Systèmes | | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Databricks | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dataminer | | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DarkTrace | All | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dassault Systèmes | All | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Databricks | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | JMX monitoring component leverages an impacted version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | datadog-kafka-connect-logs | | < 1.0.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | Version 1.0.2 of the library uses version 2.16.0 of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | datadog-lambda-java | | < 1.0.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dataminer | All | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Datev | | | | Unknown | [link](https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Datto | | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| dCache.org | | | | Unknown | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Debian | | | | Unknown | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Deepinstinct | | | | Unknown | [link](https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dell | "Dell EMC PowerMax VMAX VMAX3 and VMAX AFA" | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | "Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC" | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Datto | All | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DBeaver | All | | | Not Affected | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| dCache.org | All | | | Unknown | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Debian | Apache-log4j.1.2 | | | Not Affected | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Debian | Apache-log4j2 | | | Unknown | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Decos | Cloud | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | Fixi | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | Integrations (StUF/ZGW/Doclogic-DataIntegrator) | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Klant Contact | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Zaak &I Document (on-premise) | | All | Fixed | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Zaak &I Document (on-premise) | | All | Fixed | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Deepinstinct | All | | | Unknown | [link](https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Dell | Alienware Command Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware OC Controls | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware On Screen Display | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware Update | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | APEX Console | | N/A | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | APEX Data Storage Services | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patch in progress | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | APEX Console | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | APEX Data Storage Services | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patch in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Atmos | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Azure Stack HCI | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Avamar vproxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CalMAN Powered Calibration Firmware | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CalMAN Ready for Dell | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Centera | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Chameleon Linux Based Diagnostics | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Chassis Management Controller (CMC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | China HDD Deluxe | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Cloud IQ | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Cloud IQ | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Cloud Mobility for Dell EMC Storage | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Cloud Tiering Appliance | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | CloudIQ Collector | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Common Event Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Connectrix (Cisco MDS 9000 switches) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Connectrix (Cisco MDS DCNM) | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Connectrix B-Series SANnav | 2.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 3/31/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Connectrix (Cisco MDS DCNM) | V, e, r, s, i, o, n, s, , p, r, i, o, r, , t, o, , 1, 1, ., 5, (, 1, x, ) | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21. | [DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Connectrix B-Series SANnav | 2.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 2/28/2022. | [DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Connextrix B Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CyberSecIQ Application | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CyberSense for PowerProtect Cyber Recovery | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Data Domain OS | Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Data Domain OS | Versions from 7.3.0.5 to 7.7.0.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | [DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Crypto-C Micro Edition | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Crypto-J | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Micro Edition Suite | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -671,65 +756,67 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell Display Manager 1.5 for Windows / macOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Display Manager 2.0 for Windows / macOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC AppSync | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Avamar | "18.2 19.1 19.2 19.3 19.4" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC BSN Controller Node | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Cloud Disaster Recovery | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Avamar | 18.2, 19.1, 19.2, 19.3, 19.4 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21. | [DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC BSN Controller Node | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | [DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Cloud Disaster Recovery | Versions from 19.6 and later | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | [DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Cloudboost | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC CloudLink | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Container Storage Modules | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Data Computing Appliance (DCA) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Advisor | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Central | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021- 269 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Search | Versions before 19.5.0.7 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Advisor | | 18.x (or earlier) -standalone DPA is EOSL, 18.2.x (IDPA), 19.1.x, 19.2.x, 19.3.x, 19.4.x, 19.5.x, 19.6.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | [DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Central | | 18.2.x-19.4.x, 19.5.0-19.5.0.7 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-269 | [DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Search | Versions before 19.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | [DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC DataIQ | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Disk Library for Mainframe | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC ECS | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | "<6.0.0 6.1.0 6.2.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | <6.0.0, 6.1.0, 6.2.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | [DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC GeoDrive | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Integrated System for Azure Stack HCI | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. Apply workaround guidance and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Integrated System for Azure Stack HCI | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. See DSA-2021-307. | [DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 2022-01-31. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Isilon InsightIQ | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC License Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Metro Node | 7.0.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC NetWorker Server | "19.5.x 19.4.x 19.3.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC NetWorker Virtual Edition | "19.5.x 19.4.x 19.3.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Metro Node | Versions before 7.0.1 P2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | [DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC NetWorker | 19.4.x, 19.5.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC NetWorker VE | 19.4.x, 19.5.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Networking Onie | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | "with Versa Concerto with Versa Analytics with Versa Concero Director" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-304 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Ansible Modules | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC OpenManage Enterprise Services | Version 1.2 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage integration for Splunk | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Integration for VMware vCenter | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Management pack for vRealize Operations | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Appliance | "All versions up to Intelligent Catalog 38_356_00_r10.zip All versions up to Intelligent Catalog 38_362_00_r7.zip" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Rack | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Software (SDS) | "3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Appliance | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-293. | [DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Rack | RCM 3.3 train - all versions up to 3.3.11.0, RCM 3.4 train - all versions up to 3.4.6.0, RCM 3.5 train - all versions up to 3.5.6.0, RCM 3.6 train - all versions up to 3.6.2.0 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-292. | [DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Software (SDS) | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4, 3.6, 3.6.0.1, 3.6.0.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-272. | [DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerPath | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerPath Management Appliance | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerProtect Cyber Recovery | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-286. | [DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA 2021-285. | [DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerScale OneFS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for PowerMax | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for Powerstore | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for Unity | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerStore | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerVault MD3 Series Storage Arrays | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerStore | Versions before 2.0.1.3-1538564 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-295. | [DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerSwitch Z9264F-ON BMC | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerSwitch Z9432F-ON BMC | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerVault ME4 Series Storage Arrays | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC RecoverPoint Classic | All 5.1.x and later versions | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC RecoverPoint for Virtual Machine | All 5.0.x and later versions | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC RecoverPoint | All | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA 2021-284. | [DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Repository Manager (DRM) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus SmartZone 100 Controller | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus SmartZone 300 Controller | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus Virtual Software | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus SmartZone 100 Controller | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus SmartZone 300 Controller | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus Virtual Software | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC SourceOne | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC SRM vApp | Versions before 4.6.0.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 1/25/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Streaming Data Platform | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC SRM | | Versions before 4.6.0.2 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-301. | [DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Streaming Data Platform | 1.1, 1.2, 1.2 HF1, 1.3, 1.3.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-297. | [DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Systems Update (DSU) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Unisphere 360 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Unity | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/29/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Unity | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-294. | [DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Virtual Storage Integrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC VPLEX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC VxRail | "4.5.x 4.7.x 7.0.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC vProtect | 19.5-19.9 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2022-007. | [DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC VxRail | 4.5.x, 4.7.x, 7.0.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-265. | [DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC XC | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-311. | [DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC XtremIO | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Encryption Enterprise* | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Encryption Personal* | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -738,15 +825,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell ImageAssist | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Insights Client | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Linux Assistant | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell Memory Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Mobile Connect | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Monitor ISP (Windows/Mac/Linux) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Monitor SDK | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Networking X-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Manage Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Manage Server Administrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Management Enterprise - Modular | <1.40.10 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell OpenManage Change Management | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell OpenManage Enterprise Power Manager Plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise | Versions before 3.8.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-275 | [DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise CloudIQ plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise Modular | Versions before 1.40.10 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | [DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise Power Manager plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Server Administrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Optimizer | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell OS Recovery Tool | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Peripheral Manager 1.4 / 1.5 for Windows | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -767,13 +857,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell True Color | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Trusted Device | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Update | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | DellEMC OpenManage Enterprise Services | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dream Catcher | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | DUP Creation Service | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | DUP Framework (ISG) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | ECS | | 3.3.x, 3.4.x, 3.5.x, 3.6.0.x, 3.6.1.x, 3.6.2.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-273. | [DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Embedded NAS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Embedded Service Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Enterprise Hybrid Cloud | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Enterprise Hybrid Cloud | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-270. | [DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Equallogic PS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Fluid FS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | iDRAC Service Module (iSM) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -781,9 +871,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Integrated Dell Remote Access Controller (iDRAC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ISG Accelerators | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ISG Board & Electrical | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | ISG Drive & Storage Media | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | IsilonSD Management Server | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | IVE-WinDiag | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Mainframe Enablers | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | MDS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | My Dell | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | MyDell Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | NetWorker Management Console | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -791,7 +883,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Networking DIAG | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking N-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking OS 10 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Networking OS9 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Networking OS 9 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking SD-WAN Edge SD-WAN | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking W-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking X-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -799,15 +891,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | OMNIA | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Connections - Nagios | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Connections - ServiceNow | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | OpenManage Enterprise | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Integration for Microsoft System Center for System Center Operations Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Integration with Microsoft Windows Admin Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Network Integration | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | OpenManage Power Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect N3200 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect PC2800 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect PC8100 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge Accelerator Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerEdge BIOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge Networking Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerEdge Operating Systems | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge RAID Controller Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerTools Agent | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PPDM Kubernetes cProxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PPDM VMware vProxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -817,8 +912,9 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Rugged Control Center (RCC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SD ROM Utility | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SDNAS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Secure Connect Gateway (SCG) Policy Manager | "5.00.00.10 5.00.05.10" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | [] | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Appliance | | 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | [DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Policy Manager | | 5.00.00.10, 5.00.05.10 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | [DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Server Storage | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Smart Fabric Storage Software | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SmartByte | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -827,103 +923,108 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Solutions Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Solutions Enabler vApp | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Sonic | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | SRS Policy Manager | 7 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | SRS Policy Manager | | 7.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-287. | [DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SRS VE | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Storage Center - Dell Storage Manager | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Storage Center - Dell Storage Manager | 16.x, 17.x, 18.x, 19.x, 20.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-310. | [DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Storage Center OS and additional SC applications unless otherwise noted | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SupportAssist Client Commercial | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SupportAssist Client Consumer | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | SupportAssist Enterprise | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | SupportAssist Enterprise | 2.0.70 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-283. | [DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | UCC Edge | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Unisphere Central | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 1/10/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Unisphere Central | | Versions before 4.0 SP 9.2 (4.0.9.1541235) | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-296. | [DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for PowerMax | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for PowerMax vApp | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for VMAX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for VNX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Update Manager Plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Vblock | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Vblock | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. | [vce6771](https://support-dellemc-com.secure.force.com/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ViPR Controller | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VMware vRealize Automation 8.x | "8.2 8.3 8.4 8.5 and 8.6" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VMware vRealize Orchestrator 8.x | "8.2 8.3 8.4 8.5 and 8.6" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VMware vRealize Automation 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VMware vRealize Orchestrator 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNX Control Station | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VNX1 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VNX2 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VNXe 1600 | Versions 3.1.16.10220572 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VNXe 3200 | Version 3.1.15.10216415 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNXe 1600 | | Versions 3.1.16.10220572 and earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-299 | [DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNXe 3200 | | Version 3.1.15.10216415 and earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-298 | [DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VPLEX VS2/VS6 / VPLEX Witness | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Data Protection Extension Data Management | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Data Protection Extension for vRealize Automation (vRA) 8.x | "version 19.6 version 19.7 version 19.8 and version 19.9" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | Various | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRO Plugin for Dell EMC PowerMax | Version 1.2.3 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRO Plugin for Dell EMC PowerScale | Version 1.1.0 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRealize Data Protection Extension Data Management | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-290. | [DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300. | [DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRO Plugin for Dell EMC PowerMax | | Version 1.2.3 or earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRO Plugin for Dell EMC PowerScale | | Version 1.1.0 or earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC PowerStore | Version 1.1.4 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC Unity | Version 1.0.6 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC XtremIO | Version 4.1.2 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Vsan Ready Nodes | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VxBlock | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Patch pending See vce6771 (requires customer login) " | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VxBlock | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. | [vce6771](https://support-dellemc-com.secure.force.com/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Warnado MLK (firmware) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Wyse Management Suite | <3.5 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Wyse Management Suite | | < 3.5 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | [DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Wyse Proprietary OS (ThinOS) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Wyse Windows Embedded Suite | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Deltares | Delft-FEWS | | >2018.02 | Fixed | [link](https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability) | Mitigations Only | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Denequa | | | | Unknown | [link](https://denequa.de/log4j-information.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Device42 | | | | Unknown | [link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Devolutions | All products | | | Unknown | [link](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Diebold Nixdorf | | | | Unknown | [link](https://www.dieboldnixdorf.com/en-us/apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Digi International | AnywhereUSB Manager | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | ARMT | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Aview | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | AVWOB | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK G6200 family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK SkyCloud | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK Z45 family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi 54xx family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi 63xx family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi AnywhereUSB (G2) family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi AnywhereUSB Plus family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect EZ family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect IT family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect Sensor family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect WS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi ConnectPort family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi ConnectPort LTS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Embedded Android | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Embedded Yocto | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi EX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi IX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi LR54 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Navigator | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi One family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Passport family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi PortServer TS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Remote Manager | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi TX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR11 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR21 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR31 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR44R/RR | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR54 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR64 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Xbee mobile app | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Lighthouse | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Realport | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Remote Hub Config Utility | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digicert | | | | Unknown | [link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Digital AI | | | | Unknown | [link](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Denequa | All | | | Unknown | [link](https://denequa.de/log4j-information.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Device42 | All | | | Not Affected | [link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Devolutions | All | | | Not Affected | [link](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Diebold Nixdorf | All | | | Unknown | [link](https://www.dieboldnixdorf.com/en-us/apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Digi International | AnywhereUSB Manager | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | ARMT | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Aview | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | AVWOB | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK G6200 family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK SkyCloud | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK Z45 family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi 54xx family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi 63xx family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi AnywhereUSB (G2) family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi AnywhereUSB Plus family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect EZ family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect IT family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect Sensor family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect WS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi ConnectPort family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi ConnectPort LTS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Embedded Android | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Embedded Yocto | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi EX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi IX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi LR54 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Navigator | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi One family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Passport family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi PortServer TS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Remote Manager | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi TX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR11 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR21 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR31 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR44R/RR | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR54 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR64 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Xbee mobile app | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Lighthouse | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Realport | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Remote Hub Config Utility | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digicert | All | | | Unknown | [link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Digital AI | All | | | Unknown | [link](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Digital Alert Systems | All | | | Unknown | [link](https://www.digitalalertsystems.com/default-2.htm) | Formerly Monroe Electronics, Inc. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| DNSFilter | | | | Unknown | [link](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Docker | | | | Unknown | [link](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Docusign | | | | Unknown | [link](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| DrayTek | Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform | | | Unknown | [link](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| DSpace | | | | Unknown | [link](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dynatrace | ActiveGate | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Dynatrace Extensions | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | FedRamp SAAS | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Managed cluster nodes | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | OneAgent | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | SAAS | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Synthetic Private ActiveGate | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Synthetic public locations | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| DirectAdmin | All | | | Not Affected | [link](https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723) | Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| DNSFilter | All | | | Unknown | [link](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Docker | Infrastructure | | | Not Affected | [link](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Docusign | All | | | Unknown | [link](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DotCMS | Hybrid Content Management System | | | Fixed | [link](https://github.com/dotCMS/core/issues/21393) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DrayTek | All | | | Not Affected | [link](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dropwizard | All | | | Not Affected | [link](https://twitter.com/dropwizardio/status/1469285337524580359) | Only vulnerable if you manually added Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dräger | All | | | Not Affected | [link](https://static.draeger.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| DSpace | All | | | Unknown | [link](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dynatrace | ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Cloud Services | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Extensions | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | FedRamp SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Managed cluster nodes | | | Not Affected | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | OneAgent | | | Not Affected | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Synthetic Private ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Synthetic public locations | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | EasyRedmine | | | | Unknown | [link](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Eaton | Undisclosed | Undisclosed | | Affected | [link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | EclecticIQ | | | | Unknown | [link](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1079,7 +1180,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ESRI | Portal for ArcGIS | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Estos | | | | Unknown | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Evolveum Midpoint | | | | Unknown | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ewon | | | | Unknown | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ewon | All | | | Not Affected | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1156,166 +1257,192 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GE Digital | | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Digital Grid | | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Asset Performance Management (APM) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | GE verifying workaround. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Control Server | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Tag Mapping Service | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Control Server | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | MyFleet | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Intelligence | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Planning | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GeoServer | | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gerrit code review | | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GFI | | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ghidra | | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gigamon | Fabric Manager | <5.13.01.02 | | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gearset | All | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Genesys | All | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoServer | All | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoSolutions | GeoNetwork | | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| GeoSolutions | GeoServer | | | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Gerrit Code Review | All | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | All | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | Kerio Connect | | | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghidra | All | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghisler | Total Commander | | | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gigamon | Fabric Manager | | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | GitHub | GitHub | | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| GitLab | | | | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Globus | | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GoAnywhere | Gateway | < 2.8.4 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitHub | GitHub Enterprise Server | | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| GitLab | All | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | DAST Analyzer | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Dependency Scanning | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Gemnasium-Maven | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | PMD OSS | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | SAST | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Spotbugs | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Globus | All | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GoAnywhere | Agents | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Gateway | | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT | | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT Agents | 1.4.2 or later | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Open PGP Studio | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Suveyor/400 | | | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoCD | All | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | -| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Training and Prediction | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Config Management | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Connect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Hub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Identity Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos on VMWare | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Premium Software | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Service Mesh | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Apigee | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | App Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AppSheet | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Artifact Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Assured Workloads | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Natural Language | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Tables | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Video | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Data Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Omni | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Binary Authorization | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Certificate Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Chronicle | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Asset Inventory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Bigtable | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Build | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud CDN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Composer | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Google Cloud | Cloud Console App | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Data Loss Prevention | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Debugger | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Deployment Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud DNS | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Endpoints | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud External Key Manager (EKM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Functions | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Hardware Security Module (HSM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Interconnect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Key Management Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Load Balancing | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Logging | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Natural Language API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Network Address Translation (NAT) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Profiler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Router | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Run | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Run for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Scheduler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud SDK | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Shell | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Source Repositories | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Spanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud SQL | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Storage | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Tasks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Trace | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Traffic Director | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision OCR On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud VPN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | CompilerWorks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Compute Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Contact Center AI (CCAI) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Contact Center AI Insights | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Container Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Data Catalog | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Data Fusion | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Database Migration Service (DMS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dataflow | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | Dataproc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Dataproc Metastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Datastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Datastream | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dialogflow Essentials (ES) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Document AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Event Threat Detection | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Eventarc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Filestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firebase | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Game Servers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Google Cloud Armor | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud VMware Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | -| Google Cloud | Google Kubernetes Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Healthcare Data Engine (HDE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Human-in-the-Loop AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | IoT Core | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Key Access Justifications (KAJ) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Looker | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| Google Cloud | Media Translation API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Memorystore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Migrate for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Migrate for Compute Engine (M4CE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Network Connectivity Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Intelligence Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Service Tiers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Persistent Disk | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Pub/Sub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | Pub/Sub Lite | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | reCAPTCHA Enterprise | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Recommendations AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Retail Search | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Risk Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Secret Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Security Command Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Directory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Infrastructure | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speaker ID | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Storage Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Talent Solution | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Text-to-Speech | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transcoder API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transfer Appliance | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Video Intelligence API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Data Labeling | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Training and Prediction | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Config Management | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Connect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Hub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Identity Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos on VMWare | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Premium Software | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Service Mesh | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Apigee | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | App Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AppSheet | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Artifact Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Assured Workloads | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Natural Language | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Tables | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Video | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Data Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Omni | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Binary Authorization | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Certificate Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Chronicle | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Asset Inventory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Bigtable | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Build | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud CDN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Composer | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Google Cloud | Cloud Console App | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Data Loss Prevention | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Debugger | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Deployment Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud DNS | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Endpoints | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud External Key Manager (EKM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Functions | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Hardware Security Module (HSM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Interconnect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Key Management Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Load Balancing | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Logging | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Natural Language API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Network Address Translation (NAT) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Profiler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Router | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Run | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Run for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Scheduler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud SDK | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Shell | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Source Repositories | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Spanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud SQL | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Storage | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Tasks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Trace | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Traffic Director | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision OCR On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud VPN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | CompilerWorks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Compute Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Contact Center AI (CCAI) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Contact Center AI Insights | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Container Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Data Catalog | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Data Fusion | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Database Migration Service (DMS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dataflow | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | Dataproc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Dataproc Metastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Datastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Datastream | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dialogflow Essentials (ES) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Document AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Event Threat Detection | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Eventarc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Filestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firebase | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Game Servers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Google Cloud Armor | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud VMware Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | +| Google Cloud | Google Kubernetes Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Healthcare Data Engine (HDE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Human-in-the-Loop AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | IoT Core | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Key Access Justifications (KAJ) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| Google Cloud | Media Translation API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Memorystore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Migrate for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Migrate for Compute Engine (M4CE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Network Connectivity Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Intelligence Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Service Tiers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Persistent Disk | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Pub/Sub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | Pub/Sub Lite | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | reCAPTCHA Enterprise | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Recommendations AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Retail Search | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Risk Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Secret Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Security Command Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Directory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Infrastructure | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speaker ID | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Storage Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Talent Solution | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Text-to-Speech | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transcoder API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transfer Appliance | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Video Intelligence API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gradle | All | | | Not Affected | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise | | < 2021.3.6 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grandstream | All | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1323,12 +1450,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravwell | All | | | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | All | | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | Graylog Server | | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GreenShot | All | | | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GSA | Cloud.gov | | | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Guidewire | | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GuardedBox | All | | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Guidewire | All | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HAProxy | | | | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HarmanPro AMX | | | | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HashiCorp | Boundary | | | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1845,17 +1973,29 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Ivanti | Virtual Desktop Extender | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Wavelink License Server | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Xtraction | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | -| Jamasoftware | | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jamf | Jamf Pro | 10.31.0 – 10.34.0 | | Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamasoftware | All | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Cloud | | | Fixed | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Connect | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Data Policy | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Health Care Listener | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Infrastructure Manager | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Now | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Private Access | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Pro (On-Prem) | | 10.34.1 | Fixed | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Protect | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf School | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Threat Defense | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Janitza | GridVis | | | Not Affected | [link](https://www.janitza.com/us/gridvis-download.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Jaspersoft | | | | Unknown | [link](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jedox | | | | Unknown | [link](https://www.jedox.com/en/trust/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jenkins | CI/CD Core | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jenkins | Plugins | | | Unknown | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | [Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Jaspersoft | All | | | Unknown | [link](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Java Melody | All | | 1.90.0 | Fixed | [link](https://github.com/javamelody/javamelody/wiki/ReleaseNotes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jedox | All | | | Unknown | [link](https://www.jedox.com/en/trust/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | CI | | | Not Affected | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | CI/CD Core | | | Not Affected | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | Plugins | | | Unknown | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | [Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | JetBrains | All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, dotCover, dotPeek) | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jetbrains | Code With Me | | Unknown | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jetbrains | Code With Me | | | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Datalore | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JetBrains | Floating license server | | 30211 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JetBrains | Floating License Server | | 30241 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Gateway | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Hub | | 2021.1.14080 | Fixed | [link](https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, Rider, RubyMine, WebStorm) | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1866,20 +2006,26 @@ NOTE: This file is automatically generated. To submit updates, please refer to | JetBrains | TeamCity | | | Not Affected | [link](https://youtrack.jetbrains.com/issue/TW-74298) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | ToolBox | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | UpSource | | 2020.1.1952 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JetBrains | YouTrack InCloud | | Unknown | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JetBrains | YouTrack InCloud | | | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | YouTrack Standalone | | 2021.4.35970 | Fixed | [link](https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JFROG | | | | Unknown | [link](https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jitsi | | | | Unknown | [link](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jitterbit | | | | Unknown | [link](https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JFrog | All | | | Not Affected | [link](https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JGraph | DrawIO | | | Not Affected | [link](https://github.com/jgraph/drawio/issues/2490) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jitsi | jitsi-videobridge | | v2.1-595-g3637fda42 | Fixed | [link](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jitterbit | All | | | Unknown | [link](https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Johnson Controls | Athena | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | BCPro | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CEM AC2000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CEM Hardware Products | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | CK721-A (P2000) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CloudVue Gateway | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CloudVue Web | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Connect24 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Connected Equipment Gateway (CEG) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Client | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Server | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Web | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE-9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | DataSource | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | DLS | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Entrapass | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | exacqVision Client | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -1889,32 +2035,110 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Johnson Controls | Illustra Cameras | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Illustra Insight | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | iSTAR | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Kantech Entrapass | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Metasys Products and Tools | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Active Responder | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Bridge | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Chiller Utility Plant Optimizer | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Cloud | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Connected Chiller | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Enterprise Manager | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Location Manager | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Risk Insight | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Twin | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Workplace | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | P2000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | PowerSeries NEO | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | PowerSeries Pro | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Qolsys IQ Panels | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | RFID Overhead360 Backend | | All | Fixed | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | S321-IP (P2000) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Analytics (STaN) - Traffic | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Market Intelligence | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Perimeter Apps | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Shopper Journey | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Video Analytics | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Sur‐Gard Receivers | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | TrueVue Cloud | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Tyco AI | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | victor | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | victor/ C•CURE‐9000 Unified | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | victor/ C•CURE‐9000 Unified | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | VideoEdge | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Journyx | | | | Unknown | [link](https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Johnson Controls | Xaap | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Journyx | All | | | Unknown | [link](https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | jPOS | (ISO-8583) bridge | | | Not Affected | [link](https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jump Desktop | All | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Advanced Threat Prevention (JATP) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | AppFormix | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Apstra System | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Apstra System | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Connectivity Services Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Analytics | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Cloud | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Networking | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Service Orchestration | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Cross Provisioning Platform | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | CTPOS and CTPView | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | ICEAAA Manager | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | JATP Cloud | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Identity Management Services (JIMS) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Mist Edge | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Sky Enterprise | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos OS | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos OS Evolved | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos Space Network Management Platform | | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Mist AI | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Wi-Fi Assurance | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Wired Assurance | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Mist Access Points | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Network Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Northstar Controller | | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Northstar Planner | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Insights | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Pathfinder | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Planner | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Policy Enforcer | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Products using Wind River Linux in Junos OS and Junos OS Evolved | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | ScreenOS | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | SecIntel | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Secure Analytics | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Security Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Security Director Insights | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Session Smart Router (Formerly 128T) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Space SDK | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Standalone Log Collector 20.1 (as also used by Space Security Director) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | User Engagement Virtual BLE | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Justice Systems | All | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2329,17 +2553,53 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Appointment Booking | Cloud/Managed Service | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Insights | Cloud | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Attunity Visibility | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | AutoML | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Blendr | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DL | | 6.6 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DW | | 6.6, 6.6.1, 7.0 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Catalog | | 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.12.1 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose | | 2021.2, 2021.5, 2021.8 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Lakes | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Wharehouses | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Plus | | 5.26.5, 5.27.5 - 5.28.2, 5.29.4 - 5.30.1, 5.31.1, 5.31.2 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Server | | 4.19.1 - 4.27.3, 4.23.4, 4.32.3 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nodegraph | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nprinting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | ODBC Connector Package | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | QEM | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Alerting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Catalog | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Data Transfer | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Enterprise Manager | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Forts | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik RepliWeb and ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Business | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise SaaS | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik View | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Web Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Replicate | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | REST Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Salesforce and SAP Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | Connectos are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| QMATIC | Appointment Booking | | 2.4+ | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Appointment Booking | | Cloud/Managed Service | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Insights | | Cloud | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | QMATIC | Orchestra Central | | | Not Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QNAP | | | | Unknown | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QOPPA | | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QES Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | Qsirch | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QTS Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QuTS Hero Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOPPA | All | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOS.ch | SLF4J Simple Logging Facade for Java | | | Unknown | [link](https://www.slf4j.org/log4shell.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QSC Q-SYS | All | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QT | All | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | 6.0 | Fixed | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Quest KACE SMA | | | Not Affected | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2951,13 +3211,21 @@ NOTE: This file is automatically generated. To submit updates, please refer to | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wasp Barcode technologies | | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WatchGuard | Secplicity | | | Unknown | [link](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WAGO | WAGO Smart Script | | 4.2.x < 4.8.1.3 | Fixed | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Wallarm | All | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wasp Barcode technologies | All | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Watcher | All | | | Not Affected | [link](https://twitter.com/felix_hrn/status/1470387338001977344) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | AuthPoint | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Dimension | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | EDPR and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Firebox | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | System Manager, Dimension, and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Threat Detection and Response | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Wi-Fi Cloud | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Cloud Lite | | 2.2 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Keyring for TIA Portal | | 1.30 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WildFly | All | | | Not Affected | [link](https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | @@ -2966,16 +3234,140 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | -| WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WordPress | | | | Unknown | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Worksphere | | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wowza | | | | Unknown | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WSO2 | WSO2 Enterprise Integrator | 6.1.0 and above | | Affected | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WireShark | All | | | Not Affected | [link](https://www.wireshark.org/news/20211215.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Wistia | All | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WitFoo | Precinct | | 6.x | Fixed | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WordPress | All | | | Not Affected | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Worksphere | All | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wowza | Streaming Engine | | 4.7.8, 4.8.x | Fixed | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WSO2 | API Manager | | >= 3.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | API Manager Analytics | | >= 2.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator | | >= 6.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator Analytics | | >= 6.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server Analytics | | >= 5.7.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server as Key Manager | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Gateway | | >= 3.2.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator | | >= 1.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Dashboard | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Monitoring Dashboard | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking AM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking BI | | >= 1.3.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking KM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| XCP-ng | All | | | Not Affected | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | AltaLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | CareAR | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8870 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8880 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9201 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9301 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | DocuCentre SC2020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ElemX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Core | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Express to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Makeready | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Output Manager | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Print Manager - APP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Variable Information Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Perfecting Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3300 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3320 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3330 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3610 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3635 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4622 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6000 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6022 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 7800 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 8860 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | PrimeLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Versalink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 33xx | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 3615 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4260 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4265 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5135 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5150 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 53XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5645 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5740 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5745 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5755 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5765 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 58XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5945 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5955 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6025 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6400 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6515 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6605 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7425 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7525 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7535 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7556 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7830 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7835 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7855 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7970i | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Account Payable Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox App Gallery | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B1022/25 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Baltoro HF Inkjet Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Branded ConnectKey Applications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Campaigns on Demand | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Color EC70 Printer | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D110 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Digital Mailroom Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox iGen 5 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Instant Print Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Iridesse Production Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox J75 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Print and Scan Experience | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Team Availability Application | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 180 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 3100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 4100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workflow Central Platform | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workspace Cloud | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Data-Driven Print and VDP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Omnichannel Communications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Web to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XPertDoc | | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XPLG | | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XWIKI | | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2995,23 +3387,50 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YellowFin | | | | Unknown | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YOKOGAWA | | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| YSoft SAFEQ | | | | Unknown | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Yenlo | Connext | | | Not Affected | [link](https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/) | Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YOKOGAWA | CENTUM VP | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CENTUM VP (other components) | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CI Server | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaopc | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaplog | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaquantum | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | FAST/TOOLS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | PRM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS Lite | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | STARDOM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | VTSPortal | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YSoft | SAFEQ 4 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 5 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 6 | | <=6.0.63 | Fixed | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | | Zabbix | | | | Unknown | [link](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zebra | | | | Unknown | [link](https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zeiss | Cataract Suite | | 1.3.1 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | EQ Workplace | | 1.6, 1.8 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | FORUM | | 4.2.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Glaucoma Workplace | | 3.5.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Laser Treatment Workplace | | 1.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Retina Workplace | | 2.5.x, 2.6.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zendesk | All Products | All Versions | | Affected | [link](https://support.zendesk.com/hc/en-us/articles/4413583476122) | Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Zenoss | | | | Unknown | [link](https://support.zenoss.com/hc/en-us) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zentera Systems, Inc. | CoIP Access Platform | | | Not Affected | [link](https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Zerto | | | | Unknown | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zerto | Cloud Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Cloud Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Replication Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zesty | | | | Unknown | [link](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zimbra | | | | Unknown | [link](https://bugzilla.zimbra.com/show_bug.cgi?id=109428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zix | | | | Unknown | [link](https://status.appriver.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Zoom | | | | Unknown | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zoho | Online | | | Unknown | [link](https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zoom | | | | Not Affected | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZPE systems Inc | | | | Unknown | [link](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zscaler | See Link (Multiple Products) | | | Unknown | [link](https://trust.zscaler.com/posts/9581) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Zyxel | | | | Unknown | [link](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zyxel | All other products | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Zyxel | Netlas Element Management System (EMS) | | | Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Zyxel | Security Firewall/Gateways | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/config/SOFTWARE-LIST.tpl.md b/config/SOFTWARE-LIST.tpl.md index 25bd21f..6dc7340 100644 --- a/config/SOFTWARE-LIST.tpl.md +++ b/config/SOFTWARE-LIST.tpl.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). diff --git a/data/cisagov.yml b/data/cisagov.yml index f7a7b7c..2f07023 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -154,6 +154,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 7Signal + product: Sapphire + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.7signal.com/info/se-release-notes + notes: Fix released 2021-12-14 + references: + - '' + last_updated: '2021-12-14T00:00:00' - vendor: ABB product: '' cves: @@ -625,6 +656,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: @@ -5415,10 +5476,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5434,9 +5526,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -5444,10 +5536,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pinnacle® Compounder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5463,9 +5586,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -5473,10 +5596,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5490,11 +5645,40 @@ software: vendor_links: - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BD + product: Arctic Sun™ Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pinnacle® Compounder + - vendor: BD + product: BD Diabetes Care App Cloud cves: cve-2021-4104: investigated: false @@ -5517,13 +5701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + - vendor: BD + product: BD HealthSight™ Clinical Advisor cves: cve-2021-4104: investigated: false @@ -5546,14 +5730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + - vendor: BD + product: BD HealthSight™ Data Manager cves: cve-2021-4104: investigated: false @@ -5576,13 +5759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Arctic Sun™ Analytics + product: BD HealthSight™ Diversion Management cves: cve-2021-4104: investigated: false @@ -5611,7 +5794,65 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Diabetes Care App Cloud + product: BD HealthSight™ Infection Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Inventory Optimization Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Medication Safety cves: cve-2021-4104: investigated: false @@ -5640,7 +5881,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Clinical Advisor + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -5669,7 +5910,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Data Manager + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -5698,7 +5939,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Diversion Management + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -5727,7 +5968,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Infection Advisor + product: BD Synapsys™ Informatics Solution cves: cve-2021-4104: investigated: false @@ -5756,7 +5997,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Inventory Optimization Analytics + product: BD Veritor™ COVID At Home Solution Cloud cves: cve-2021-4104: investigated: false @@ -5784,8 +6025,8 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Medication Safety + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -5793,10 +6034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5808,13 +6050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -5822,10 +6064,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5837,13 +6080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -5851,10 +6094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5866,13 +6110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5880,10 +6124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5895,13 +6140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys™ Informatics Solution + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5909,10 +6154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5924,13 +6170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor™ COVID At Home Solution Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5938,10 +6184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5953,13 +6200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: '' + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5967,10 +6214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5986,9 +6234,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Beijer Electronics - product: acirro+ + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5996,10 +6244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6011,13 +6260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BFI frequency inverters + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -6025,10 +6274,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6040,13 +6290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BSD servo drives + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6054,10 +6304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6069,13 +6320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: CloudVPN + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6083,10 +6334,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6098,13 +6350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: FnIO-G and M Distributed IO + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6112,10 +6364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6127,13 +6380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: iX Developer + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6141,10 +6394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6156,13 +6410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto modular PLC + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6170,10 +6424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6185,13 +6440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto Xpress compact controller + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6199,10 +6454,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6214,13 +6470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: WARP Engineering Studio + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -6228,10 +6484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6243,13 +6500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) cves: cve-2021-4104: investigated: false @@ -6257,10 +6514,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6272,14 +6530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) cves: cve-2021-4104: investigated: false @@ -6287,10 +6544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6302,13 +6560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) cves: cve-2021-4104: investigated: false @@ -6318,9 +6576,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6332,13 +6590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) cves: cve-2021-4104: investigated: false @@ -6348,9 +6606,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6362,13 +6620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -6380,7 +6638,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6392,13 +6650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) cves: cve-2021-4104: investigated: false @@ -6406,10 +6664,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6421,13 +6680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BioMerieux - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -6435,10 +6694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6450,13 +6710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BisectHosting - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) cves: cve-2021-4104: investigated: false @@ -6464,10 +6724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6479,13 +6740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitDefender - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) cves: cve-2021-4104: investigated: false @@ -6493,10 +6754,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6508,13 +6770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitNami By VMware - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) cves: cve-2021-4104: investigated: false @@ -6522,10 +6784,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6537,13 +6800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.bitnami.com/general/security/security-2021-12-10/ + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitRise - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) cves: cve-2021-4104: investigated: false @@ -6551,10 +6814,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6566,13 +6830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bitwarden - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) cves: cve-2021-4104: investigated: false @@ -6580,9 +6844,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -6595,13 +6860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Biztory - product: Fivetran + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) cves: cve-2021-4104: investigated: false @@ -6609,9 +6874,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6624,13 +6890,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biztory.com/blog/apache-log4j2-vulnerability - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. references: - - Vendor review indicated Fivetran is not vulnerable to Log4j2 - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Black Kite - product: '' + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -6638,10 +6904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6653,13 +6920,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blancco - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -6667,10 +6934,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6682,13 +6950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blumira - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6696,10 +6964,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6711,13 +6980,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.blumira.com/cve-2021-44228-log4shell/ + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Bladelogic Database Automation + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6725,10 +6994,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6740,13 +7010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6754,10 +7024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6769,13 +7040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Products + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) cves: cve-2021-4104: investigated: false @@ -6783,10 +7054,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6798,13 +7070,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) cves: cve-2021-4104: investigated: false @@ -6812,10 +7084,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6827,13 +7100,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Automation Console + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) cves: cve-2021-4104: investigated: false @@ -6841,10 +7114,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6856,13 +7130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Business Workflows + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6870,10 +7144,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6885,13 +7160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Client Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) cves: cve-2021-4104: investigated: false @@ -6899,10 +7174,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6914,13 +7190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Cloud Cost + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6928,10 +7204,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6943,13 +7220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Cloud Security + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6957,10 +7234,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6972,13 +7250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix CMDB + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6986,10 +7264,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7001,13 +7280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -7015,10 +7294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7030,13 +7310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Control-M + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) cves: cve-2021-4104: investigated: false @@ -7044,10 +7324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7059,13 +7340,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Digital Workplace + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -7073,8 +7355,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7088,13 +7371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -7102,11 +7385,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] @@ -7117,13 +7401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -7131,10 +7415,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7146,13 +7431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Knowledge Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -7160,10 +7445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7175,13 +7461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Operations Management with AIOps + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -7189,10 +7475,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7204,13 +7491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Platform + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -7218,10 +7505,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7233,13 +7521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix platform + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -7247,10 +7535,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7262,13 +7551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remediate + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -7276,10 +7565,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7291,13 +7581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remediate + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -7305,10 +7595,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7320,13 +7611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remedyforce + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -7334,10 +7625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7349,13 +7641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Virtual Agent + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7363,10 +7655,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7378,13 +7671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Cloud Lifecycle Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7392,10 +7685,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7407,13 +7701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Control-M + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7421,10 +7715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7436,13 +7731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Footprints + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -7450,10 +7745,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7465,13 +7761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: MainView Middleware Administrator + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -7479,10 +7775,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7494,13 +7791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: MainView Middleware Monitor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -7508,10 +7805,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7523,13 +7821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Remedy ITSM (IT Service Management) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7537,10 +7835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7552,13 +7851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: SmartIT + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -7566,10 +7865,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7581,13 +7881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Track-It! + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -7595,10 +7895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7610,13 +7911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Automation for Networks + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -7624,10 +7925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7639,13 +7941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Automation for Servers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -7653,10 +7955,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7668,13 +7971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Capacity Optimization + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -7682,10 +7985,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7697,13 +8001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Infrastructure Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -7711,10 +8015,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7726,13 +8031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Operations Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -7740,10 +8045,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7755,13 +8061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Orchestration + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -7769,10 +8075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7784,13 +8091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bosch - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beijer Electronics + product: acirro+ cves: cve-2021-4104: investigated: false @@ -7813,13 +8120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Boston Scientific - product: '' + - vendor: Beijer Electronics + product: BFI frequency inverters cves: cve-2021-4104: investigated: false @@ -7842,13 +8149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Box - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BSD servo drives cves: cve-2021-4104: investigated: false @@ -7871,13 +8178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Brainworks - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: CloudVPN cves: cve-2021-4104: investigated: false @@ -7900,13 +8207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/ + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BrightSign - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: FnIO-G and M Distributed IO cves: cve-2021-4104: investigated: false @@ -7929,13 +8236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Advanced Secure Gateway (ASG) + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: iX Developer cves: cve-2021-4104: investigated: false @@ -7958,13 +8265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Automic Automation + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto modular PLC cves: cve-2021-4104: investigated: false @@ -7987,13 +8294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.broadcom.com/external/article?articleId=230308 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: BCAAA + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto Xpress compact controller cves: cve-2021-4104: investigated: false @@ -8016,13 +8323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Advanced Authentication + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: WARP Engineering Studio cves: cve-2021-4104: investigated: false @@ -8030,9 +8337,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '9.1' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8045,13 +8351,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Risk Authentication + last_updated: '2021-12-22T00:00:00' + - vendor: Bender + product: '' cves: cve-2021-4104: investigated: false @@ -8073,13 +8380,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.bender.de/en/cert notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Strong Authentication + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) + product: '' cves: cve-2021-4104: investigated: false @@ -8101,13 +8410,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Cloud Workload Protection (CWP) + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -8115,10 +8425,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Unknown + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Privilege Management Reporting in BeyondInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '21.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8130,13 +8471,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Cloud Workload Protection for Storage (CWP:S) + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Secure Remote Access appliances + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -8159,13 +8530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CloudSOC Cloud Access Security Broker (CASB) + - vendor: BioMerieux + product: '' cves: cve-2021-4104: investigated: false @@ -8188,13 +8559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Content Analysis (CA) + last_updated: '2021-12-22T00:00:00' + - vendor: BisectHosting + product: '' cves: cve-2021-4104: investigated: false @@ -8217,13 +8588,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Critical System Protection (CSP) + - vendor: BitDefender + product: '' cves: cve-2021-4104: investigated: false @@ -8246,13 +8617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Data Center Security (DCS) + - vendor: BitNami By VMware + product: '' cves: cve-2021-4104: investigated: false @@ -8275,13 +8646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://docs.bitnami.com/general/security/security-2021-12-10/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Data Loss Prevention (DLP) + - vendor: BitRise + product: '' cves: cve-2021-4104: investigated: false @@ -8304,13 +8675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Email Security Service (ESS) + - vendor: Bitwarden + product: '' cves: cve-2021-4104: investigated: false @@ -8333,13 +8704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Ghost Solution Suite (GSS) + - vendor: Biztory + product: Fivetran cves: cve-2021-4104: investigated: false @@ -8362,13 +8733,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.biztory.com/blog/apache-log4j2-vulnerability + notes: '' + references: + - Vendor review indicated Fivetran is not vulnerable to Log4j2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Black Kite + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: HSM Agent + - vendor: Blancco + product: '' cves: cve-2021-4104: investigated: false @@ -8391,13 +8791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Industrial Control System Protection (ICSP) + - vendor: Blumira + product: '' cves: cve-2021-4104: investigated: false @@ -8420,13 +8820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.blumira.com/cve-2021-44228-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Integrated Cyber Defense Manager (ICDm) + - vendor: BMC + product: Bladelogic Database Automation cves: cve-2021-4104: investigated: false @@ -8449,13 +8849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Integrated Secure Gateway (ISG) + - vendor: BMC + product: BMC AMI Ops cves: cve-2021-4104: investigated: false @@ -8478,13 +8878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: IT Management Suite + - vendor: BMC + product: BMC AMI Products cves: cve-2021-4104: investigated: false @@ -8507,13 +8907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 API Developer Portal + - vendor: BMC + product: BMC Compuware cves: cve-2021-4104: investigated: false @@ -8536,13 +8936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 API Gateway + - vendor: BMC + product: BMC Helix Automation Console cves: cve-2021-4104: investigated: false @@ -8565,13 +8965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 Mobile API Gateway + - vendor: BMC + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -8594,13 +8994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Management Center (MC) + - vendor: BMC + product: BMC Helix Client Management cves: cve-2021-4104: investigated: false @@ -8623,13 +9023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: PacketShaper (PS) S-Series + - vendor: BMC + product: BMC Helix Cloud Cost cves: cve-2021-4104: investigated: false @@ -8652,13 +9052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: PolicyCenter (PC) S-Series + - vendor: BMC + product: BMC Helix Cloud Security cves: cve-2021-4104: investigated: false @@ -8681,13 +9081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Access Manager + - vendor: BMC + product: BMC Helix CMDB cves: cve-2021-4104: investigated: false @@ -8710,13 +9110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Access Manager Server Control + - vendor: BMC + product: BMC Helix Continuous Optimization cves: cve-2021-4104: investigated: false @@ -8739,13 +9139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Identity Manager + - vendor: BMC + product: BMC Helix Control-M cves: cve-2021-4104: investigated: false @@ -8768,13 +9168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: ProxySG + - vendor: BMC + product: BMC Helix Digital Workplace cves: cve-2021-4104: investigated: false @@ -8797,13 +9197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Reporter + - vendor: BMC + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -8826,13 +9226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Secure Access Cloud (SAC) + - vendor: BMC + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -8855,13 +9255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Security Analytics (SA) + - vendor: BMC + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -8884,13 +9284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: SiteMinder (CA Single Sign-On) + - vendor: BMC + product: BMC Helix Operations Management with AIOps cves: cve-2021-4104: investigated: false @@ -8913,13 +9313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: SSL Visibility (SSLV) + - vendor: BMC + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -8942,13 +9342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Control Compliance Suite (CCS) + - vendor: BMC + product: BMC Helix platform cves: cve-2021-4104: investigated: false @@ -8971,13 +9371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Directory + - vendor: BMC + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -9000,13 +9400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Detection and Response (EDR) + - vendor: BMC + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -9029,13 +9429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Encryption (SEE) + - vendor: BMC + product: BMC Helix Remedyforce cves: cve-2021-4104: investigated: false @@ -9058,13 +9458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection (SEP) + - vendor: BMC + product: BMC Helix Virtual Agent cves: cve-2021-4104: investigated: false @@ -9087,13 +9487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection (SEP) for Mobile + - vendor: BMC + product: Cloud Lifecycle Management cves: cve-2021-4104: investigated: false @@ -9116,13 +9516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection Manager (SEPM) + - vendor: BMC + product: Control-M cves: cve-2021-4104: investigated: false @@ -9130,9 +9530,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '14.3' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9146,13 +9545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Identity Governance and Administration (IGA) + - vendor: BMC + product: Footprints cves: cve-2021-4104: investigated: false @@ -9175,13 +9574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Mail Security for Microsoft Exchange (SMSMSE) + - vendor: BMC + product: MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -9204,13 +9603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Messaging Gateway (SMG) + - vendor: BMC + product: MainView Middleware Monitor cves: cve-2021-4104: investigated: false @@ -9233,13 +9632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec PGP Solutions + - vendor: BMC + product: Remedy ITSM (IT Service Management) cves: cve-2021-4104: investigated: false @@ -9262,13 +9661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Protection Engine (SPE) + - vendor: BMC + product: SmartIT cves: cve-2021-4104: investigated: false @@ -9291,13 +9690,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Protection for SharePoint Servers (SPSS) + - vendor: BMC + product: Track-It! cves: cve-2021-4104: investigated: false @@ -9320,13 +9719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: VIP + - vendor: BMC + product: TrueSight Automation for Networks cves: cve-2021-4104: investigated: false @@ -9349,13 +9748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: VIP Authentication Hub + - vendor: BMC + product: TrueSight Automation for Servers cves: cve-2021-4104: investigated: false @@ -9378,13 +9777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Web Isolation (WI) + - vendor: BMC + product: TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -9407,13 +9806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Web Security Service (WSS) + - vendor: BMC + product: TrueSight Infrastructure Management cves: cve-2021-4104: investigated: false @@ -9436,13 +9835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: WebPulse + - vendor: BMC + product: TrueSight Operations Management cves: cve-2021-4104: investigated: false @@ -9465,13 +9864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: C4b XPHONE - product: '' + - vendor: BMC + product: TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -9494,13 +9893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.c4b.com/de/news/log4j.php + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Campbell Scientific - product: All + - vendor: Bosch + product: '' cves: cve-2021-4104: investigated: false @@ -9523,12 +9922,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Camunda + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific product: '' cves: cve-2021-4104: @@ -9552,13 +9951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Canary Labs - product: All + last_updated: '2021-12-20T00:00:00' + - vendor: Box + product: '' cves: cve-2021-4104: investigated: false @@ -9581,13 +9980,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability + - https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Alphenix (Angio Workstation) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Brainworks + product: '' cves: cve-2021-4104: investigated: false @@ -9610,13 +10009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: CT Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BrightSign + product: '' cves: cve-2021-4104: investigated: false @@ -9639,13 +10038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Infinix-i (Angio Workstation) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Advanced Secure Gateway (ASG) cves: cve-2021-4104: investigated: false @@ -9668,13 +10067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: MR Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Automic Automation cves: cve-2021-4104: investigated: false @@ -9697,13 +10096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://knowledge.broadcom.com/external/article?articleId=230308 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: NM Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: BCAAA cves: cve-2021-4104: investigated: false @@ -9726,13 +10125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: UL Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Advanced Authentication cves: cve-2021-4104: investigated: false @@ -9740,8 +10139,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9754,14 +10154,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Vitrea Advanced 7.x + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Risk Authentication cves: cve-2021-4104: investigated: false @@ -9783,14 +10182,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: XR Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Strong Authentication cves: cve-2021-4104: investigated: false @@ -9812,14 +10210,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CapStorm - product: Copystorm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Cloud Workload Protection (CWP) cves: cve-2021-4104: investigated: false @@ -9841,13 +10238,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CarbonBlack - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Cloud Workload Protection for Storage (CWP:S) cves: cve-2021-4104: investigated: false @@ -9870,13 +10268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Carestream - product: '' + - vendor: Broadcom + product: CloudSOC Cloud Access Security Broker (CASB) cves: cve-2021-4104: investigated: false @@ -9899,13 +10297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Carrier - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Content Analysis (CA) cves: cve-2021-4104: investigated: false @@ -9928,13 +10326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.corporate.carrier.com/product-security/advisories-resources/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CAS genesisWorld - product: '' + - vendor: Broadcom + product: Critical System Protection (CSP) cves: cve-2021-4104: investigated: false @@ -9957,13 +10355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cato Networks - product: '' + - vendor: Broadcom + product: Data Center Security (DCS) cves: cve-2021-4104: investigated: false @@ -9986,13 +10384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cepheid - product: C360 + - vendor: Broadcom + product: Data Loss Prevention (DLP) cves: cve-2021-4104: investigated: false @@ -10015,13 +10413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cepheid - product: GeneXpert + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Email Security Service (ESS) cves: cve-2021-4104: investigated: false @@ -10044,13 +10442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cerberus FTP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Ghost Solution Suite (GSS) cves: cve-2021-4104: investigated: false @@ -10073,13 +10471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Chaser Systems - product: discrimiNAT Firewall + - vendor: Broadcom + product: HSM Agent cves: cve-2021-4104: investigated: false @@ -10087,11 +10485,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10103,13 +10500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: CloudGuard + - vendor: Broadcom + product: Industrial Control System Protection (ICSP) cves: cve-2021-4104: investigated: false @@ -10117,11 +10514,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10133,13 +10529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Harmony Endpoint & Harmony Mobile + - vendor: Broadcom + product: Integrated Cyber Defense Manager (ICDm) cves: cve-2021-4104: investigated: false @@ -10147,11 +10543,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10163,13 +10558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Infinity Portal + - vendor: Broadcom + product: Integrated Secure Gateway (ISG) cves: cve-2021-4104: investigated: false @@ -10192,13 +10587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Quantum Security Gateway + - vendor: Broadcom + product: IT Management Suite cves: cve-2021-4104: investigated: false @@ -10206,11 +10601,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10222,13 +10616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Quantum Security Management + - vendor: Broadcom + product: Layer7 API Developer Portal cves: cve-2021-4104: investigated: false @@ -10236,42 +10630,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against - this attack by default. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: SMB - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All cve-2021-45046: investigated: false affected_versions: [] @@ -10283,13 +10645,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: ThreatCloud + - vendor: Broadcom + product: Layer7 API Gateway cves: cve-2021-4104: investigated: false @@ -10312,13 +10674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CheckMK - product: '' + - vendor: Broadcom + product: Layer7 Mobile API Gateway cves: cve-2021-4104: investigated: false @@ -10341,13 +10703,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ciphermail - product: '' + - vendor: Broadcom + product: Management Center (MC) cves: cve-2021-4104: investigated: false @@ -10370,13 +10732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CircleCI - product: CircleCI + - vendor: Broadcom + product: PacketShaper (PS) S-Series cves: cve-2021-4104: investigated: false @@ -10399,13 +10761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: CIS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: PolicyCenter (PC) S-Series cves: cve-2021-4104: investigated: false @@ -10428,13 +10790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: AppDynamics + - vendor: Broadcom + product: Privileged Access Manager cves: cve-2021-4104: investigated: false @@ -10457,13 +10819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + - vendor: Broadcom + product: Privileged Access Manager Server Control cves: cve-2021-4104: investigated: false @@ -10486,13 +10848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ACI Virtual Edge + - vendor: Broadcom + product: Privileged Identity Manager cves: cve-2021-4104: investigated: false @@ -10515,13 +10877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + - vendor: Broadcom + product: ProxySG cves: cve-2021-4104: investigated: false @@ -10544,158 +10906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ASR 5000 Series Routers - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Broadcloud Calling + - vendor: Broadcom + product: Reporter cves: cve-2021-4104: investigated: false @@ -10718,13 +10935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco BroadWorks + - vendor: Broadcom + product: Secure Access Cloud (SAC) cves: cve-2021-4104: investigated: false @@ -10747,13 +10964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + - vendor: Broadcom + product: Security Analytics (SA) cves: cve-2021-4104: investigated: false @@ -10776,13 +10993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco CloudCenter Suite Admin + - vendor: Broadcom + product: SiteMinder (CA Single Sign-On) cves: cve-2021-4104: investigated: false @@ -10805,13 +11022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco CloudCenter Workload Manager + - vendor: Broadcom + product: SSL Visibility (SSLV) cves: cve-2021-4104: investigated: false @@ -10834,13 +11051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Cognitive Intelligence + - vendor: Broadcom + product: Symantec Control Compliance Suite (CCS) cves: cve-2021-4104: investigated: false @@ -10863,13 +11080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Common Services Platform Collector + - vendor: Broadcom + product: Symantec Directory cves: cve-2021-4104: investigated: false @@ -10892,13 +11109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Computer Telephony Integration Object Server (CTIOS) + - vendor: Broadcom + product: Symantec Endpoint Detection and Response (EDR) cves: cve-2021-4104: investigated: false @@ -10921,13 +11138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Connected Grid Device Manager + - vendor: Broadcom + product: Symantec Endpoint Encryption (SEE) cves: cve-2021-4104: investigated: false @@ -10950,13 +11167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Connected Mobile Experiences + - vendor: Broadcom + product: Symantec Endpoint Protection (SEP) cves: cve-2021-4104: investigated: false @@ -10979,13 +11196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Connectivity + - vendor: Broadcom + product: Symantec Endpoint Protection (SEP) for Mobile cves: cve-2021-4104: investigated: false @@ -11008,13 +11225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Contact Center Domain Manager (CCDM) + - vendor: Broadcom + product: Symantec Endpoint Protection Manager (SEPM) cves: cve-2021-4104: investigated: false @@ -11022,8 +11239,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '14.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11037,13 +11255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Contact Center Management Portal (CCMP) + - vendor: Broadcom + product: Symantec Identity Governance and Administration (IGA) cves: cve-2021-4104: investigated: false @@ -11066,13 +11284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Crosswork Change Automation + - vendor: Broadcom + product: Symantec Mail Security for Microsoft Exchange (SMSMSE) cves: cve-2021-4104: investigated: false @@ -11095,13 +11313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco CX Cloud Agent Software + - vendor: Broadcom + product: Symantec Messaging Gateway (SMG) cves: cve-2021-4104: investigated: false @@ -11124,13 +11342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Data Center Network Manager (DCNM) + - vendor: Broadcom + product: Symantec PGP Solutions cves: cve-2021-4104: investigated: false @@ -11153,13 +11371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Defense Orchestrator + - vendor: Broadcom + product: Symantec Protection Engine (SPE) cves: cve-2021-4104: investigated: false @@ -11182,13 +11400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco DNA Assurance + - vendor: Broadcom + product: Symantec Protection for SharePoint Servers (SPSS) cves: cve-2021-4104: investigated: false @@ -11211,42 +11429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco DNA Center - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco DNA Spaces + - vendor: Broadcom + product: VIP cves: cve-2021-4104: investigated: false @@ -11269,13 +11458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Elastic Services Controller (ESC) + - vendor: Broadcom + product: VIP Authentication Hub cves: cve-2021-4104: investigated: false @@ -11298,13 +11487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Emergency Responder + - vendor: Broadcom + product: Web Isolation (WI) cves: cve-2021-4104: investigated: false @@ -11327,13 +11516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Enterprise Chat and Email + - vendor: Broadcom + product: Web Security Service (WSS) cves: cve-2021-4104: investigated: false @@ -11356,13 +11545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Enterprise NFV Infrastructure Software (NFVIS) + - vendor: Broadcom + product: WebPulse cves: cve-2021-4104: investigated: false @@ -11385,13 +11574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Evolved Programmable Network Manager + - vendor: C4b XPHONE + product: '' cves: cve-2021-4104: investigated: false @@ -11414,13 +11603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.c4b.com/de/news/log4j.php notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Extensible Network Controller (XNC) + - vendor: Campbell Scientific + product: All cves: cve-2021-4104: investigated: false @@ -11443,13 +11632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Finesse + last_updated: '2021-12-23T00:00:00' + - vendor: Camunda + product: '' cves: cve-2021-4104: investigated: false @@ -11472,13 +11661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Firepower Management Center + - vendor: Canary Labs + product: All cves: cve-2021-4104: investigated: false @@ -11501,13 +11690,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Firepower Threat Defense (FTD) + last_updated: '2021-12-22T00:00:00' + - vendor: Canon + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -11515,10 +11704,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11530,13 +11720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco GGSN Gateway GPRS Support Node + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11544,10 +11734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11559,13 +11750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco HyperFlex System + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -11573,10 +11764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11588,13 +11780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Identity Services Engine (ISE) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11602,10 +11794,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11617,13 +11810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Integrated Management Controller (IMC) Supervisor + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: NM Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11631,10 +11824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11646,13 +11840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Intersight + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: UL Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11660,10 +11854,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11675,13 +11870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Intersight Virtual Appliance + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Vitrea Advanced 7.x cves: cve-2021-4104: investigated: false @@ -11689,8 +11884,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11704,13 +11900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IOS and IOS XE Software + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11718,8 +11914,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11733,14 +11930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network - Management System) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11748,10 +11944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11763,13 +11960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IoT Operations Dashboard + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11777,10 +11974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11792,13 +11990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IOx Fog Director + last_updated: '2022-02-02T00:00:00' + - vendor: CapStorm + product: Copystorm cves: cve-2021-4104: investigated: false @@ -11820,14 +12018,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IP Services Gateway (IPSG) + last_updated: '2021-12-22T00:00:00' + - vendor: CarbonBlack + product: '' cves: cve-2021-4104: investigated: false @@ -11850,13 +12047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Kinetic for Cities + - vendor: Carestream + product: '' cves: cve-2021-4104: investigated: false @@ -11879,13 +12076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco MDS 9000 Series Multilayer Switches + last_updated: '2021-12-20T00:00:00' + - vendor: Carrier + product: '' cves: cve-2021-4104: investigated: false @@ -11908,13 +12105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.corporate.carrier.com/product-security/advisories-resources/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Meeting Server + - vendor: CAS genesisWorld + product: '' cves: cve-2021-4104: investigated: false @@ -11937,13 +12134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco MME Mobility Management Entity + - vendor: Cato Networks + product: '' cves: cve-2021-4104: investigated: false @@ -11966,13 +12163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Modeling Labs + - vendor: Cepheid + product: C360 cves: cve-2021-4104: investigated: false @@ -11995,13 +12192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Assessment (CNA) Tool + last_updated: '2021-12-20T00:00:00' + - vendor: Cepheid + product: GeneXpert cves: cve-2021-4104: investigated: false @@ -12024,100 +12221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Assurance Engine - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Convergence System 2000 Series - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Planner - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) + last_updated: '2021-12-20T00:00:00' + - vendor: Cerberus FTP + product: '' cves: cve-2021-4104: investigated: false @@ -12140,13 +12250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus 5500 Platform Switches + - vendor: Chaser Systems + product: discrimiNAT Firewall cves: cve-2021-4104: investigated: false @@ -12154,10 +12264,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12169,13 +12280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus 5600 Platform Switches + - vendor: Check Point + product: CloudGuard cves: cve-2021-4104: investigated: false @@ -12183,10 +12294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12198,13 +12310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus 6000 Series Switches + - vendor: Check Point + product: Harmony Endpoint & Harmony Mobile cves: cve-2021-4104: investigated: false @@ -12212,10 +12324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12227,13 +12340,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus 7000 Series Switches + - vendor: Check Point + product: Infinity Portal cves: cve-2021-4104: investigated: false @@ -12256,14 +12369,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure - (ACI) mode + - vendor: Check Point + product: Quantum Security Gateway cves: cve-2021-4104: investigated: false @@ -12271,10 +12383,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12286,13 +12399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) + - vendor: Check Point + product: Quantum Security Management cves: cve-2021-4104: investigated: false @@ -12300,10 +12413,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12315,13 +12429,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://supportcontent.checkpoint.com/solutions?id=sk176865 + notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against + this attack by default. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus Data Broker + - vendor: Check Point + product: SMB cves: cve-2021-4104: investigated: false @@ -12329,10 +12444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12344,13 +12460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Nexus Insights + - vendor: Check Point + product: ThreatCloud cves: cve-2021-4104: investigated: false @@ -12373,13 +12489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Optical Network Planner + - vendor: CheckMK + product: '' cves: cve-2021-4104: investigated: false @@ -12402,13 +12518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Packaged Contact Center Enterprise + - vendor: Ciphermail + product: '' cves: cve-2021-4104: investigated: false @@ -12431,13 +12547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Paging Server + - vendor: CircleCI + product: CircleCI cves: cve-2021-4104: investigated: false @@ -12460,13 +12576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Paging Server (InformaCast) + last_updated: '2021-12-21T00:00:00' + - vendor: CIS + product: '' cves: cve-2021-4104: investigated: false @@ -12489,13 +12605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco PDSN/HA Packet Data Serving Node and Home Agent + product: AppDynamics cves: cve-2021-4104: investigated: false @@ -12524,7 +12640,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco PGW Packet Data Network Gateway + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -12553,7 +12669,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Policy Suite + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -12582,7 +12698,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Central for Service Providers + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -12611,7 +12727,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Collaboration Manager + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -12640,7 +12756,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Collaboration Provisioning + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -12669,7 +12785,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Infrastructure + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -12698,7 +12814,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime License Manager + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -12727,7 +12843,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Network + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -12756,7 +12872,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Optical for Service Providers + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -12785,7 +12901,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Provisioning + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -12814,7 +12930,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Service Catalog + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -12843,7 +12959,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Registered Envelope Service + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -12872,7 +12988,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 1000 Series Routers + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -12901,7 +13017,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 2000 Series Routers + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -12930,7 +13046,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 5000 Series Routers + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -12959,7 +13075,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge Cloud Router Platform + product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: cve-2021-4104: investigated: false @@ -12988,7 +13104,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vManage + product: Cisco Connected Grid Device Manager cves: cve-2021-4104: investigated: false @@ -13017,7 +13133,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch + product: Cisco Connected Mobile Experiences cves: cve-2021-4104: investigated: false @@ -13046,7 +13162,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SocialMiner + product: Cisco Connectivity cves: cve-2021-4104: investigated: false @@ -13075,7 +13191,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco Contact Center Domain Manager (CCDM) cves: cve-2021-4104: investigated: false @@ -13104,7 +13220,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco TelePresence Management Suite + product: Cisco Contact Center Management Portal (CCMP) cves: cve-2021-4104: investigated: false @@ -13133,7 +13249,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Director + product: Cisco Crosswork Change Automation cves: cve-2021-4104: investigated: false @@ -13162,7 +13278,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Performance Manager + product: Cisco CX Cloud Agent Software cves: cve-2021-4104: investigated: false @@ -13191,7 +13307,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Umbrella + product: Cisco Data Center Network Manager (DCNM) cves: cve-2021-4104: investigated: false @@ -13220,7 +13336,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Advanced + product: Cisco Defense Orchestrator cves: cve-2021-4104: investigated: false @@ -13249,7 +13365,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Business Edition + product: Cisco DNA Assurance cves: cve-2021-4104: investigated: false @@ -13278,7 +13394,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Department Edition + product: Cisco DNA Center cves: cve-2021-4104: investigated: false @@ -13307,7 +13423,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Enterprise Edition + product: Cisco DNA Spaces cves: cve-2021-4104: investigated: false @@ -13336,7 +13452,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Premium Edition + product: Cisco Elastic Services Controller (ESC) cves: cve-2021-4104: investigated: false @@ -13365,7 +13481,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Communications Manager Cloud + product: Cisco Emergency Responder cves: cve-2021-4104: investigated: false @@ -13394,7 +13510,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco Enterprise Chat and Email cves: cve-2021-4104: investigated: false @@ -13423,7 +13539,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: cve-2021-4104: investigated: false @@ -13452,7 +13568,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Express + product: Cisco Evolved Programmable Network Manager cves: cve-2021-4104: investigated: false @@ -13481,7 +13597,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Intelligent Contact Management Enterprise + product: Cisco Extensible Network Controller (XNC) cves: cve-2021-4104: investigated: false @@ -13510,7 +13626,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified SIP Proxy Software + product: Cisco Finesse cves: cve-2021-4104: investigated: false @@ -13539,7 +13655,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Video Surveillance Operations Manager + product: Cisco Firepower Management Center cves: cve-2021-4104: investigated: false @@ -13568,7 +13684,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM + product: Cisco Firepower Threat Defense (FTD) cves: cve-2021-4104: investigated: false @@ -13597,7 +13713,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Virtualized Voice Browser + product: Cisco GGSN Gateway GPRS Support Node cves: cve-2021-4104: investigated: false @@ -13626,7 +13742,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Vision Dynamic Signage Director + product: Cisco HyperFlex System cves: cve-2021-4104: investigated: false @@ -13655,7 +13771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco WAN Automation Engine (WAE) + product: Cisco Identity Services Engine (ISE) cves: cve-2021-4104: investigated: false @@ -13684,7 +13800,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Web Security Appliance (WSA) + product: Cisco Integrated Management Controller (IMC) Supervisor cves: cve-2021-4104: investigated: false @@ -13713,7 +13829,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Cloud-Connected UC (CCUC) + product: Cisco Intersight cves: cve-2021-4104: investigated: false @@ -13742,7 +13858,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Meetings Server + product: Cisco Intersight Virtual Appliance cves: cve-2021-4104: investigated: false @@ -13771,7 +13887,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Teams + product: Cisco IOS and IOS XE Software cves: cve-2021-4104: investigated: false @@ -13800,7 +13916,8 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Wide Area Application Services (WAAS) + product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network + Management System) cves: cve-2021-4104: investigated: false @@ -13829,7 +13946,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Duo + product: Cisco IoT Operations Dashboard cves: cve-2021-4104: investigated: false @@ -13858,7 +13975,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) + product: Cisco IOx Fog Director cves: cve-2021-4104: investigated: false @@ -13880,13 +13997,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: duo network gateway (on-prem/self-hosted) + product: Cisco IP Services Gateway (IPSG) cves: cve-2021-4104: investigated: false @@ -13908,13 +14026,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Exony Virtualized Interaction Manager (VIM) + product: Cisco Kinetic for Cities cves: cve-2021-4104: investigated: false @@ -13943,7 +14062,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Managed Services Accelerator (MSX) Network Access Control Service + product: Cisco MDS 9000 Series Multilayer Switches cves: cve-2021-4104: investigated: false @@ -13971,8 +14090,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Citrix - product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) + - vendor: Cisco + product: Cisco Meeting Server cves: cve-2021-4104: investigated: false @@ -13980,11 +14099,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13996,17 +14114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Application Delivery Management (NetScaler MAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco MME Mobility Management Entity cves: cve-2021-4104: investigated: false @@ -14014,11 +14128,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14030,17 +14143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Cloud Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Modeling Labs cves: cve-2021-4104: investigated: false @@ -14063,17 +14172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Connector Appliance for Cloud Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Assessment (CNA) Tool cves: cve-2021-4104: investigated: false @@ -14096,18 +14201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for - Windows, Citrix Files for Mac, Citrix Files for Outlook + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Assurance Engine cves: cve-2021-4104: investigated: false @@ -14130,17 +14230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Endpoint Management (Citrix XenMobile Server) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Convergence System 2000 Series cves: cve-2021-4104: investigated: false @@ -14163,21 +14259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Hypervisor (XenServer) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Planner cves: cve-2021-4104: investigated: false @@ -14200,17 +14288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Network Services Orchestrator (NSO) cves: cve-2021-4104: investigated: false @@ -14233,17 +14317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix SD-WAN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 5500 Platform Switches cves: cve-2021-4104: investigated: false @@ -14251,11 +14331,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14267,17 +14346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 5600 Platform Switches cves: cve-2021-4104: investigated: false @@ -14300,20 +14375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Workspace App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 6000 Series Switches cves: cve-2021-4104: investigated: false @@ -14321,11 +14389,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14337,17 +14404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: ShareFile Storage Zones Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 7000 Series Switches cves: cve-2021-4104: investigated: false @@ -14370,17 +14433,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Claris - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure + (ACI) mode cves: cve-2021-4104: investigated: false @@ -14403,13 +14463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: AM2CM Tool + - vendor: Cisco + product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: cve-2021-4104: investigated: false @@ -14432,13 +14492,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Ambari + - vendor: Cisco + product: Cisco Nexus Data Broker cves: cve-2021-4104: investigated: false @@ -14446,10 +14506,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 2.x - - 1.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14463,13 +14521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Arcadia Enterprise + - vendor: Cisco + product: Cisco Nexus Insights cves: cve-2021-4104: investigated: false @@ -14477,9 +14535,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.1.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14493,13 +14550,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDH, HDP, and HDF + - vendor: Cisco + product: Cisco Optical Network Planner cves: cve-2021-4104: investigated: false @@ -14507,9 +14564,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14523,13 +14579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDP Operational Database (COD) + - vendor: Cisco + product: Cisco Packaged Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -14552,13 +14608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDP Private Cloud Base + - vendor: Cisco + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -14566,9 +14622,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14582,13 +14637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDS 3 Powered by Apache Spark + - vendor: Cisco + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -14596,9 +14651,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14612,13 +14666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDS 3.2 for GPUs + - vendor: Cisco + product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: cve-2021-4104: investigated: false @@ -14626,9 +14680,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14642,13 +14695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Cybersecurity Platform + - vendor: Cisco + product: Cisco PGW Packet Data Network Gateway cves: cve-2021-4104: investigated: false @@ -14656,9 +14709,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14672,13 +14724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + - vendor: Cisco + product: Cisco Policy Suite cves: cve-2021-4104: investigated: false @@ -14701,13 +14753,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + - vendor: Cisco + product: Cisco Prime Central for Service Providers cves: cve-2021-4104: investigated: false @@ -14715,9 +14767,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14731,13 +14782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Flow (CFM) + - vendor: Cisco + product: Cisco Prime Collaboration Manager cves: cve-2021-4104: investigated: false @@ -14760,13 +14811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Science Workbench (CDSW) + - vendor: Cisco + product: Cisco Prime Collaboration Provisioning cves: cve-2021-4104: investigated: false @@ -14774,10 +14825,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 2.x - - 3.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14791,13 +14840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Visualization (CDV) + - vendor: Cisco + product: Cisco Prime Infrastructure cves: cve-2021-4104: investigated: false @@ -14820,13 +14869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + - vendor: Cisco + product: Cisco Prime License Manager cves: cve-2021-4104: investigated: false @@ -14849,13 +14898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + - vendor: Cisco + product: Cisco Prime Network cves: cve-2021-4104: investigated: false @@ -14863,9 +14912,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14879,13 +14927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera DataFlow (CDF) + - vendor: Cisco + product: Cisco Prime Optical for Service Providers cves: cve-2021-4104: investigated: false @@ -14908,13 +14956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Edge Management (CEM) + - vendor: Cisco + product: Cisco Prime Provisioning cves: cve-2021-4104: investigated: false @@ -14922,9 +14970,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14938,13 +14985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Enterprise + - vendor: Cisco + product: Cisco Prime Service Catalog cves: cve-2021-4104: investigated: false @@ -14952,9 +14999,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14968,13 +15014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Flow Management (CFM) + - vendor: Cisco + product: Cisco Registered Envelope Service cves: cve-2021-4104: investigated: false @@ -14982,9 +15028,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14998,13 +15043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Machine Learning (CML) + - vendor: Cisco + product: Cisco SD-WAN vEdge 1000 Series Routers cves: cve-2021-4104: investigated: false @@ -15027,13 +15072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Machine Learning (CML) + - vendor: Cisco + product: Cisco SD-WAN vEdge 2000 Series Routers cves: cve-2021-4104: investigated: false @@ -15041,9 +15086,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15057,14 +15101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + - vendor: Cisco + product: Cisco SD-WAN vEdge 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -15072,9 +15115,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15088,14 +15130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + - vendor: Cisco + product: Cisco SD-WAN vEdge Cloud Router Platform cves: cve-2021-4104: investigated: false @@ -15103,11 +15144,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15121,13 +15159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) + - vendor: Cisco + product: Cisco SD-WAN vManage cves: cve-2021-4104: investigated: false @@ -15150,13 +15188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) + - vendor: Cisco + product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: cve-2021-4104: investigated: false @@ -15164,11 +15202,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15182,13 +15217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Stream Processing (CSP) + - vendor: Cisco + product: Cisco SocialMiner cves: cve-2021-4104: investigated: false @@ -15196,9 +15231,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15212,13 +15246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + - vendor: Cisco + product: Cisco System Architecture Evolution Gateway (SAEGW) cves: cve-2021-4104: investigated: false @@ -15241,13 +15275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + - vendor: Cisco + product: Cisco TelePresence Management Suite cves: cve-2021-4104: investigated: false @@ -15270,13 +15304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Analytics Studio (DAS) + - vendor: Cisco + product: Cisco UCS Director cves: cve-2021-4104: investigated: false @@ -15299,13 +15333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Catalog + - vendor: Cisco + product: Cisco UCS Performance Manager cves: cve-2021-4104: investigated: false @@ -15328,13 +15362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Lifecycle Manager (DLM) + - vendor: Cisco + product: Cisco Umbrella cves: cve-2021-4104: investigated: false @@ -15357,43 +15391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Steward Studio (DSS) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Hortonworks Data Flow (HDF) + - vendor: Cisco + product: Cisco Unified Attendant Console Advanced cves: cve-2021-4104: investigated: false @@ -15416,13 +15420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Hortonworks Data Platform (HDP) + - vendor: Cisco + product: Cisco Unified Attendant Console Business Edition cves: cve-2021-4104: investigated: false @@ -15430,11 +15434,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.1.x - - 2.7.x - - 2.6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15448,13 +15449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Hortonworks DataPlane Platform + - vendor: Cisco + product: Cisco Unified Attendant Console Department Edition cves: cve-2021-4104: investigated: false @@ -15477,13 +15478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Management Console + - vendor: Cisco + product: Cisco Unified Attendant Console Enterprise Edition cves: cve-2021-4104: investigated: false @@ -15491,9 +15492,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15507,13 +15507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Management Console for CDP Public Cloud + - vendor: Cisco + product: Cisco Unified Attendant Console Premium Edition cves: cve-2021-4104: investigated: false @@ -15536,13 +15536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Replication Manager + - vendor: Cisco + product: Cisco Unified Communications Manager Cloud cves: cve-2021-4104: investigated: false @@ -15565,13 +15565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: SmartSense + - vendor: Cisco + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -15594,13 +15594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Workload Manager + - vendor: Cisco + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -15623,13 +15623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Workload XM + - vendor: Cisco + product: Cisco Unified Contact Center Express cves: cve-2021-4104: investigated: false @@ -15637,9 +15637,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15653,13 +15652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Workload XM (SaaS) + - vendor: Cisco + product: Cisco Unified Intelligent Contact Management Enterprise cves: cve-2021-4104: investigated: false @@ -15682,13 +15681,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CloudFlare - product: '' + - vendor: Cisco + product: Cisco Unified SIP Proxy Software cves: cve-2021-4104: investigated: false @@ -15711,13 +15710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudian HyperStore - product: '' + - vendor: Cisco + product: Cisco Video Surveillance Operations Manager cves: cve-2021-4104: investigated: false @@ -15740,13 +15739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudogu - product: Ecosystem + - vendor: Cisco + product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: cve-2021-4104: investigated: false @@ -15754,9 +15753,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15770,13 +15768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudogu - product: SCM-Manager + - vendor: Cisco + product: Cisco Virtualized Voice Browser cves: cve-2021-4104: investigated: false @@ -15799,13 +15797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudron - product: '' + - vendor: Cisco + product: Cisco Vision Dynamic Signage Director cves: cve-2021-4104: investigated: false @@ -15828,13 +15826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Clover - product: '' + - vendor: Cisco + product: Cisco WAN Automation Engine (WAE) cves: cve-2021-4104: investigated: false @@ -15857,74 +15855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Code42 - product: Code42 App - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 8.8.1 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Code42 - product: Crashplan - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan - installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. - references: - - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' - last_updated: '2021-12-16T00:00:00' - - vendor: CodeBeamer - product: '' + - vendor: Cisco + product: Cisco Web Security Appliance (WSA) cves: cve-2021-4104: investigated: false @@ -15947,13 +15884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Codesys - product: '' + - vendor: Cisco + product: Cisco Webex Cloud-Connected UC (CCUC) cves: cve-2021-4104: investigated: false @@ -15976,13 +15913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cohesity - product: '' + - vendor: Cisco + product: Cisco Webex Meetings Server cves: cve-2021-4104: investigated: false @@ -16005,13 +15942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CommVault - product: '' + - vendor: Cisco + product: Cisco Webex Teams cves: cve-2021-4104: investigated: false @@ -16034,13 +15971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Concourse - product: Concourse + - vendor: Cisco + product: Cisco Wide Area Application Services (WAAS) cves: cve-2021-4104: investigated: false @@ -16063,13 +16000,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/concourse/concourse/discussions/7887 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ConcreteCMS.com - product: '' + - vendor: Cisco + product: Duo cves: cve-2021-4104: investigated: false @@ -16092,13 +16029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Confluent - product: Confluent Cloud + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -16106,10 +16043,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -16121,14 +16057,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: duo network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -16136,9 +16071,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <11.1.7 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16151,14 +16085,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Exony Virtualized Interaction Manager (VIM) cves: cve-2021-4104: investigated: false @@ -16166,11 +16099,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16182,13 +16114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Google DataProc Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Managed Services Accelerator (MSX) Network Access Control Service cves: cve-2021-4104: investigated: false @@ -16196,9 +16128,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.1.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16212,13 +16143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Citrix + product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: cve-2021-4104: investigated: false @@ -16227,10 +16158,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <10.1.3 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16242,13 +16173,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Application Delivery Management (NetScaler MAS) cves: cve-2021-4104: investigated: false @@ -16257,10 +16192,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.1.8 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16272,13 +16207,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Kafka Connectors + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Cloud Connector cves: cve-2021-4104: investigated: false @@ -16286,11 +16225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16302,13 +16240,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Connector Appliance for Cloud Services cves: cve-2021-4104: investigated: false @@ -16316,9 +16258,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <7.0.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16332,13 +16273,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Splunk Sink Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: investigated: false @@ -16346,9 +16292,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <2.05 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16362,13 +16307,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent VMWare Tanzu GemFire Sink Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Endpoint Management (Citrix XenMobile Server) cves: cve-2021-4104: investigated: false @@ -16376,9 +16325,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.0.8 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16392,13 +16340,21 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised + to apply the latest CEM rolling patch updates listed below as soon as possible + to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); + [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); + and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). + Note: Customers who have upgraded their XenMobile Server to the updated versions + are recommended not to apply the responder policy mentioned in the blog listed + below to the Citrix ADC vserver in front of the XenMobile Server as it may impact + the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Connect2id - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Hypervisor (XenServer) cves: cve-2021-4104: investigated: false @@ -16421,13 +16377,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connect2id.com/blog/connect2id-server-12-5-1 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ConnectWise - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix License Server cves: cve-2021-4104: investigated: false @@ -16450,13 +16410,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.connectwise.com/company/trust/advisories - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ContrastSecurity - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix SD-WAN cves: cve-2021-4104: investigated: false @@ -16464,10 +16428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16479,13 +16444,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ControlUp - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -16508,13 +16477,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.controlup.com/incidents/qqyvh7b1dz8k - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: COPADATA - product: All + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -16522,10 +16498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16537,13 +16514,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: CouchBase - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -16566,12 +16547,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CPanel + last_updated: '2021-12-21T00:00:00' + - vendor: Claris product: '' cves: cve-2021-4104: @@ -16595,13 +16580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ + - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cradlepoint - product: '' + - vendor: Cloudera + product: AM2CM Tool cves: cve-2021-4104: investigated: false @@ -16624,13 +16609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Crestron - product: '' + - vendor: Cloudera + product: Ambari cves: cve-2021-4104: investigated: false @@ -16638,8 +16623,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16653,13 +16640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: CrushFTP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Arcadia Enterprise cves: cve-2021-4104: investigated: false @@ -16667,8 +16654,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only version 7.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16682,13 +16670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crushftp.com/download.html + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CryptShare - product: '' + - vendor: Cloudera + product: CDH, HDP, and HDF cves: cve-2021-4104: investigated: false @@ -16696,8 +16684,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only version 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16711,13 +16700,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CyberArk - product: Privileged Threat Analytics (PTA) + - vendor: Cloudera + product: CDP Operational Database (COD) cves: cve-2021-4104: investigated: false @@ -16725,10 +16714,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -16741,14 +16729,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - - This advisory is available to customers only and has not been reviewed by - CISA. - last_updated: '2021-12-14T00:00:00' - - vendor: Cybereason - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDP Private Cloud Base cves: cve-2021-4104: investigated: false @@ -16756,8 +16743,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only version 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16771,13 +16759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CyberRes - product: '' + - vendor: Cloudera + product: CDS 3 Powered by Apache Spark cves: cve-2021-4104: investigated: false @@ -16785,8 +16773,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16800,13 +16789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Daktronics - product: All Sport Pro + - vendor: Cloudera + product: CDS 3.2 for GPUs cves: cve-2021-4104: investigated: false @@ -16814,8 +16803,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16829,13 +16819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Media Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Cybersecurity Platform cves: cve-2021-4104: investigated: false @@ -16844,10 +16834,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16859,13 +16849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Web Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -16874,8 +16864,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - DWP-1000 + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16889,14 +16878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Data Vision Software (DVS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -16904,8 +16892,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16919,14 +16908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System (DMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Flow (CFM) cves: cve-2021-4104: investigated: false @@ -16949,13 +16937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Core Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Science Workbench (CDSW) cves: cve-2021-4104: investigated: false @@ -16964,10 +16952,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 2.x + - 3.x fixed_versions: [] - unaffected_versions: - - P10 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16979,13 +16968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Player hardware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Visualization (CDV) cves: cve-2021-4104: investigated: false @@ -16993,17 +16982,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - AMP-R200 - - AMP-R400 - - AMP-R800 - - AMP-SM100 - - AMP-SE100 - - AMP-SM200 - - AMP-SM400 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17015,13 +16997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Web Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -17044,14 +17026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: IBoot - Dataprobe IBoot Devices + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -17060,14 +17041,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - A-3257 - - '3256' - - '2270' - - '2269' - - '1978' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17079,13 +17056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Outdoor Smartlink Devices + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera DataFlow (CDF) cves: cve-2021-4104: investigated: false @@ -17093,17 +17070,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-3189335 - - '3128' - - '3416' - - '3418' - - '3707' - - '3708' - - '3709' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17115,13 +17085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Cisco Meraki Z3/Z3c Routers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Edge Management (CEM) cves: cve-2021-4104: investigated: false @@ -17130,10 +17100,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - A-4036028 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17145,13 +17115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Cisco Z1 Routers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Enterprise cves: cve-2021-4104: investigated: false @@ -17160,10 +17130,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only version 6.x fixed_versions: [] - unaffected_versions: - - A-3665 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17175,13 +17145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Sierra Wireless RV50x/RV50 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Flow Management (CFM) cves: cve-2021-4104: investigated: false @@ -17189,9 +17159,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - A-3350704 + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17205,13 +17175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Show Control System (SCS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -17234,13 +17204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Vanguard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -17248,8 +17218,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17263,13 +17234,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Venus 1500 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -17277,8 +17249,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17292,13 +17265,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Venus Control Suite (VCS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -17306,8 +17280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17321,13 +17298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Video Image Processors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: cve-2021-4104: investigated: false @@ -17335,11 +17312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - VIP-5060/VIP-5160/VIP-4060 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17351,13 +17327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Webcam - Mobotix + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: cve-2021-4104: investigated: false @@ -17366,12 +17342,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] - unaffected_versions: - - A-2242 - - A-3127 - - A-3719 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17383,13 +17359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: DarkTrace - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Stream Processing (CSP) cves: cve-2021-4104: investigated: false @@ -17397,8 +17373,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17412,13 +17389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dassault Systèmes - product: '' + - vendor: Cloudera + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -17441,13 +17418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Databricks - product: '' + - vendor: Cloudera + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -17470,13 +17447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datadog - product: Datadog Agent + - vendor: Cloudera + product: Data Analytics Studio (DAS) cves: cve-2021-4104: investigated: false @@ -17484,13 +17461,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=6.17.0' - - <=6.32.2 - - '>=7.17.0' - - <=7.32.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17503,13 +17476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datadoghq.com/log4j-vulnerability/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dataminer - product: '' + - vendor: Cloudera + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -17532,13 +17505,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.dataminer.services/responding-to-log4shell-vulnerability/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datev - product: '' + - vendor: Cloudera + product: Data Lifecycle Manager (DLM) cves: cve-2021-4104: investigated: false @@ -17561,13 +17534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datto - product: '' + - vendor: Cloudera + product: Data Steward Studio (DSS) cves: cve-2021-4104: investigated: false @@ -17575,8 +17548,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17590,13 +17564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datto.com/blog/dattos-response-to-log4shell + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: dCache.org - product: '' + - vendor: Cloudera + product: Hortonworks Data Flow (HDF) cves: cve-2021-4104: investigated: false @@ -17619,13 +17593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dcache.org/post/log4j-vulnerability/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Debian - product: '' + - vendor: Cloudera + product: Hortonworks Data Platform (HDP) cves: cve-2021-4104: investigated: false @@ -17633,8 +17607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 7.1.x + - 2.7.x + - 2.6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17648,13 +17625,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-tracker.debian.org/tracker/CVE-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Deepinstinct - product: '' + - vendor: Cloudera + product: Hortonworks DataPlane Platform cves: cve-2021-4104: investigated: false @@ -17677,13 +17654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + - vendor: Cloudera + product: Management Console cves: cve-2021-4104: investigated: false @@ -17692,10 +17669,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17707,13 +17684,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Management Console for CDP Public Cloud cves: cve-2021-4104: investigated: false @@ -17721,11 +17698,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17737,13 +17713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Replication Manager cves: cve-2021-4104: investigated: false @@ -17751,11 +17727,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17767,13 +17742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware OC Controls + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: SmartSense cves: cve-2021-4104: investigated: false @@ -17781,11 +17756,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17797,13 +17771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware On Screen Display + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Workload Manager cves: cve-2021-4104: investigated: false @@ -17811,11 +17785,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17827,13 +17800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Workload XM cves: cve-2021-4104: investigated: false @@ -17842,10 +17815,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17857,13 +17830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -17871,10 +17844,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17887,13 +17859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Data Storage Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CloudFlare + product: '' cves: cve-2021-4104: investigated: false @@ -17916,13 +17888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Atmos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudian HyperStore + product: '' cves: cve-2021-4104: investigated: false @@ -17930,11 +17902,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17946,13 +17917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Azure Stack HCI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudogu + product: Ecosystem cves: cve-2021-4104: investigated: false @@ -17961,10 +17932,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17976,13 +17947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Powered Calibration Firmware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudogu + product: SCM-Manager cves: cve-2021-4104: investigated: false @@ -17990,11 +17961,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18006,13 +17976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Ready for Dell + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudron + product: '' cves: cve-2021-4104: investigated: false @@ -18020,11 +17990,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18036,13 +18005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Centera + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Clover + product: '' cves: cve-2021-4104: investigated: false @@ -18050,11 +18019,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18066,13 +18034,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chameleon Linux Based Diagnostics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Code42 + product: Code42 App cves: cve-2021-4104: investigated: false @@ -18082,9 +18050,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 8.8.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18096,13 +18064,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chassis Management Controller (CMC) + last_updated: '2021-12-22T00:00:00' + - vendor: Code42 + product: Crashplan cves: cve-2021-4104: investigated: false @@ -18112,9 +18080,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. + references: + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' + last_updated: '2021-12-16T00:00:00' + - vendor: CodeBeamer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18126,13 +18124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://codebeamer.com/cb/wiki/19872365 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: China HDD Deluxe + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Codesys + product: '' cves: cve-2021-4104: investigated: false @@ -18140,11 +18138,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18156,13 +18153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud IQ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cohesity + product: '' cves: cve-2021-4104: investigated: false @@ -18185,13 +18182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CommVault + product: '' cves: cve-2021-4104: investigated: false @@ -18199,11 +18196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18215,13 +18211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud Tiering Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Concourse + product: Concourse cves: cve-2021-4104: investigated: false @@ -18229,11 +18225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18245,13 +18240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://github.com/concourse/concourse/discussions/7887 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConcreteCMS.com + product: '' cves: cve-2021-4104: investigated: false @@ -18259,11 +18254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18275,13 +18269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Confluent + product: Confluent Cloud cves: cve-2021-4104: investigated: false @@ -18289,9 +18283,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A unaffected_versions: [] cve-2021-45046: investigated: false @@ -18304,13 +18299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix B-Series SANnav + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -18320,7 +18315,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.1.1 + - <11.1.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18334,13 +18329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connextrix B Series + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent for Kubernetes cves: cve-2021-4104: investigated: false @@ -18364,13 +18359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CyberSecIQ Application + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -18379,10 +18374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18394,13 +18389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -18409,10 +18404,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <10.1.3 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18424,13 +18419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Data Domain OS + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -18440,7 +18435,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + - <1.1.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18454,13 +18449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -18484,13 +18479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-J + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -18499,10 +18494,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <7.0.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18514,13 +18509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Micro Edition Suite + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -18529,10 +18524,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <2.05 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18544,13 +18539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Calibration Assistant + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent VMWare Tanzu GemFire Sink Connector cves: cve-2021-4104: investigated: false @@ -18559,10 +18554,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.0.8 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18574,13 +18569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cinema Color + last_updated: '2021-12-17T00:00:00' + - vendor: Connect2id + product: '' cves: cve-2021-4104: investigated: false @@ -18588,11 +18583,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18604,13 +18598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://connect2id.com/blog/connect2id-server-12-5-1 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cloud Command Repository Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConnectWise + product: '' cves: cve-2021-4104: investigated: false @@ -18618,11 +18612,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18634,13 +18627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.connectwise.com/company/trust/advisories notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cloud Management Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ContrastSecurity + product: '' cves: cve-2021-4104: investigated: false @@ -18648,11 +18641,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18664,13 +18656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Color Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ControlUp + product: '' cves: cve-2021-4104: investigated: false @@ -18678,11 +18670,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18694,13 +18685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://status.controlup.com/incidents/qqyvh7b1dz8k notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Configure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: COPADATA + product: All cves: cve-2021-4104: investigated: false @@ -18708,11 +18699,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18724,13 +18714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Integration Suite for System Center + last_updated: '2022-01-06T00:00:00' + - vendor: CouchBase + product: '' cves: cve-2021-4104: investigated: false @@ -18738,11 +18728,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18754,13 +18743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Intel vPro Out of Band + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CPanel + product: '' cves: cve-2021-4104: investigated: false @@ -18768,11 +18757,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18784,13 +18772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cradlepoint + product: '' cves: cve-2021-4104: investigated: false @@ -18798,11 +18786,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18814,13 +18801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Power Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Crestron + product: '' cves: cve-2021-4104: investigated: false @@ -18828,11 +18815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18844,13 +18830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command PowerShell Provider + last_updated: '2021-12-20T00:00:00' + - vendor: CrushFTP + product: '' cves: cve-2021-4104: investigated: false @@ -18858,11 +18844,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18874,13 +18859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.crushftp.com/download.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CryptShare + product: '' cves: cve-2021-4104: investigated: false @@ -18888,11 +18873,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18904,13 +18888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Customer Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberArk + product: Privileged Threat Analytics (PTA) cves: cve-2021-4104: investigated: false @@ -18920,9 +18904,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18934,13 +18918,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 notes: '' references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Guardian* + - This advisory is available to customers only and has not been reviewed by + CISA. + last_updated: '2021-12-14T00:00:00' + - vendor: Cybereason + product: '' cves: cve-2021-4104: investigated: false @@ -18948,11 +18933,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18964,13 +18948,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Protection* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberRes + product: '' cves: cve-2021-4104: investigated: false @@ -18978,11 +18962,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18994,13 +18977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Recovery Environment + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Daktronics + product: All Sport Pro cves: cve-2021-4104: investigated: false @@ -19008,11 +18991,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19024,13 +19006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Vault + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -19042,7 +19024,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -19054,13 +19036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Vault for Chrome OS + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dakronics Web Player cves: cve-2021-4104: investigated: false @@ -19068,11 +19050,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - DWP-1000 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19084,13 +19066,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Deployment Agent + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -19098,11 +19081,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19114,13 +19096,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Digital Delivery + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System (DMS) cves: cve-2021-4104: investigated: false @@ -19128,11 +19111,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19144,13 +19126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Direct USB Key + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Core Player cves: cve-2021-4104: investigated: false @@ -19162,7 +19144,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - P10 cve-2021-45046: investigated: false affected_versions: [] @@ -19174,13 +19156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Player hardware cves: cve-2021-4104: investigated: false @@ -19192,7 +19174,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - AMP-R200 + - AMP-R400 + - AMP-R800 + - AMP-SM100 + - AMP-SE100 + - AMP-SM200 + - AMP-SM400 cve-2021-45046: investigated: false affected_versions: [] @@ -19204,13 +19192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Web Player cves: cve-2021-4104: investigated: false @@ -19218,11 +19206,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19234,13 +19221,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DMS Web Player not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC AppSync + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: IBoot - Dataprobe IBoot Devices cves: cve-2021-4104: investigated: false @@ -19252,7 +19240,11 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-3257 + - '3256' + - '2270' + - '2269' + - '1978' cve-2021-45046: investigated: false affected_versions: [] @@ -19264,13 +19256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Avamar + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Outdoor Smartlink Devices cves: cve-2021-4104: investigated: false @@ -19279,39 +19271,16 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC BSN Controller Node - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-3189335 + - '3128' + - '3416' + - '3418' + - '3707' + - '3708' + - '3709' cve-2021-45046: investigated: false affected_versions: [] @@ -19323,13 +19292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Meraki Z3/Z3c Routers cves: cve-2021-4104: investigated: false @@ -19338,10 +19307,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - A-4036028 cve-2021-45046: investigated: false affected_versions: [] @@ -19353,13 +19322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloudboost + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Z1 Routers cves: cve-2021-4104: investigated: false @@ -19371,7 +19340,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-3665 cve-2021-45046: investigated: false affected_versions: [] @@ -19383,13 +19352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC CloudLink + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Sierra Wireless RV50x/RV50 cves: cve-2021-4104: investigated: false @@ -19397,11 +19366,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - A-3350704 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19413,13 +19382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Container Storage Modules + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Show Control System (SCS) cves: cve-2021-4104: investigated: false @@ -19427,11 +19396,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19443,13 +19411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Vanguard cves: cve-2021-4104: investigated: false @@ -19457,11 +19425,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19473,13 +19440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Advisor + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus 1500 cves: cve-2021-4104: investigated: false @@ -19487,11 +19454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19503,13 +19469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Central + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus Control Suite (VCS) cves: cve-2021-4104: investigated: false @@ -19532,13 +19498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Search + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Video Image Processors cves: cve-2021-4104: investigated: false @@ -19547,10 +19513,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 19.5.0.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - VIP-5060/VIP-5160/VIP-4060 cve-2021-45046: investigated: false affected_versions: [] @@ -19562,13 +19528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC DataIQ + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Webcam - Mobotix cves: cve-2021-4104: investigated: false @@ -19580,7 +19546,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-2242 + - A-3127 + - A-3719 cve-2021-45046: investigated: false affected_versions: [] @@ -19592,13 +19560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Disk Library for Mainframe + last_updated: '2022-01-06T00:00:00' + - vendor: DarkTrace + product: All cves: cve-2021-4104: investigated: false @@ -19606,11 +19574,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19622,13 +19589,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC ECS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dassault Systèmes + product: All cves: cve-2021-4104: investigated: false @@ -19651,13 +19619,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Databricks + product: All cves: cve-2021-4104: investigated: false @@ -19665,9 +19634,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19681,25 +19649,29 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC GeoDrive + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: Datadog Agent cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>=6.17.0' + - <=6.32.2 + - '>=7.17.0' + - <=7.32.2 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19711,24 +19683,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.datadoghq.com/log4j-vulnerability/ + notes: JMX monitoring component leverages an impacted version of log4j. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -19741,28 +19714,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -19775,13 +19745,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version + of amazon-lambda-java-log4j2 (1.4.0). references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Isilon InsightIQ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dataminer + product: All cves: cve-2021-4104: investigated: false @@ -19789,11 +19760,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19805,13 +19775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.dataminer.services/responding-to-log4shell-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC License Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datev + product: '' cves: cve-2021-4104: investigated: false @@ -19819,11 +19789,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19835,13 +19804,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Metro Node + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datto + product: All cves: cve-2021-4104: investigated: false @@ -19849,9 +19818,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 7.0.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19865,43 +19833,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + - https://www.datto.com/blog/dattos-response-to-log4shell + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC NetWorker Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: dCache.org + product: All cves: cve-2021-4104: investigated: false @@ -19909,9 +19880,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19925,25 +19895,26 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Networking Onie + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j.1.2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -19955,25 +19926,26 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: - investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -19985,176 +19957,190 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + - https://security-tracker.debian.org/tracker/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Decos + product: Cloud cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Appliance + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -20167,24 +20153,26 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available + on our WIKI. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Rack + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -20197,13 +20185,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). + Mitigating actions taken. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Deepinstinct + product: All cves: cve-2021-4104: investigated: false @@ -20211,9 +20200,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20227,35 +20215,38 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Alienware Command Center cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20263,29 +20254,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Alienware OC Controls cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20293,29 +20287,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Alienware On Screen Display cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20323,119 +20320,131 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Alienware Update cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - All versions 19.9 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: APEX Console cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - 2.7.0 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: APEX Data Storage Services cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patch in progress. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Atmos cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20443,29 +20452,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Avamar vproxy cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20473,29 +20485,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20503,58 +20518,65 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: CalMAN Ready for Dell cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Centera cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20562,29 +20584,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20592,67 +20617,74 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Chassis Management Controller (CMC) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: China HDD Deluxe cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - All 5.0.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, + XPS, Vostro, ChengMing) BIOS cves: cve-2021-4104: investigated: false @@ -20664,7 +20696,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20682,116 +20714,131 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Cloud IQ cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Cloud Tiering Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: CloudIQ Collector cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20799,155 +20846,164 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Common Event Enabler cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: Versions prior to 11.5(1x) fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21. references: - - '' + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Connectrix B-Series SANnav cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2/28/2022. references: - - '' + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: Connextrix B Series cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -20959,7 +21015,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20977,7 +21033,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -20989,7 +21045,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21007,7 +21063,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -21017,7 +21073,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21032,12 +21088,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-274 references: - - '' + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -21049,7 +21105,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21067,7 +21123,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -21079,7 +21135,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21097,7 +21153,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -21109,7 +21165,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21127,7 +21183,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -21139,7 +21195,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21157,7 +21213,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -21169,7 +21225,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21187,7 +21243,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -21199,7 +21255,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21217,7 +21273,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -21229,7 +21285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21247,7 +21303,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -21259,7 +21315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21277,7 +21333,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -21289,7 +21345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21307,7 +21363,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -21319,7 +21375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21337,7 +21393,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -21349,7 +21405,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21367,7 +21423,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -21379,7 +21435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21397,7 +21453,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -21409,7 +21465,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21427,7 +21483,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -21439,7 +21495,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21457,7 +21513,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -21466,10 +21522,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.40.10 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21482,12 +21538,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -21499,7 +21555,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21517,7 +21573,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -21529,7 +21585,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21547,7 +21603,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -21559,7 +21615,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21577,7 +21633,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -21589,7 +21645,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21607,7 +21663,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -21619,7 +21675,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21637,7 +21693,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -21649,7 +21705,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21667,7 +21723,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -21679,7 +21735,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21697,7 +21753,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -21709,7 +21765,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21727,7 +21783,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -21739,7 +21795,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21757,7 +21813,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21769,7 +21825,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21787,7 +21843,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21799,7 +21855,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21817,7 +21873,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -21829,7 +21885,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21847,7 +21903,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -21856,10 +21912,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21872,12 +21932,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21. references: - - '' + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -21887,9 +21947,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21902,12 +21962,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - - '' + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -21916,10 +21976,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions from 19.6 and later fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21932,12 +21992,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - - '' + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -21949,7 +22009,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21967,7 +22027,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -21979,7 +22039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21997,7 +22057,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -22009,7 +22069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22027,7 +22087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -22039,7 +22099,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22057,7 +22117,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -22067,9 +22127,16 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.x (or earlier) -standalone DPA is EOSL + - 18.2.x (IDPA) + - 19.1.x + - 19.2.x + - 19.3.x + - 19.4.x + - 19.5.x + - 19.6.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22084,10 +22151,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - - '' + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -22097,9 +22164,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.2.x-19.4.x + - 19.5.0-19.5.0.7 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22112,12 +22180,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-269 references: - - '' + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -22126,10 +22194,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 19.6 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22142,12 +22210,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-279 references: - - '' + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -22155,10 +22223,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22171,12 +22240,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -22188,7 +22257,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22206,7 +22275,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -22215,10 +22284,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <6.0.0 + - 6.1.0 + - 6.2.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22231,12 +22302,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-278 references: - - '' + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -22248,7 +22319,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22266,7 +22337,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -22275,10 +22346,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22291,12 +22362,15 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. See DSA-2021-307. references: - - '' + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -22305,10 +22379,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22321,12 +22395,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2022-01-31. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -22334,10 +22408,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22350,12 +22425,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -22367,7 +22442,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22385,7 +22460,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -22394,10 +22469,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 7.0.1 P2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22410,12 +22485,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-308 references: - - '' + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell EMC NetWorker cves: cve-2021-4104: investigated: false @@ -22424,10 +22499,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.4.x + - 19.5.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22440,12 +22516,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell EMC NetWorker VE cves: cve-2021-4104: investigated: false @@ -22454,10 +22530,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.4.x + - 19.5.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22470,12 +22547,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -22487,7 +22564,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22505,7 +22582,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -22517,7 +22594,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22535,7 +22612,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -22547,7 +22624,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22565,7 +22642,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dell EMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -22574,10 +22651,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Version 1.2 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22590,12 +22667,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -22607,7 +22684,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22625,7 +22702,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -22637,7 +22714,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22655,7 +22732,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -22667,7 +22744,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22685,7 +22762,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -22697,7 +22775,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22715,7 +22793,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -22724,10 +22802,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22740,12 +22818,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-293. references: - - '' + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -22754,10 +22832,13 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - RCM 3.3 train - all versions up to 3.3.11.0 + - RCM 3.4 train - all versions up to 3.4.6.0 + - RCM 3.5 train - all versions up to 3.5.6.0 + - RCM 3.6 train - all versions up to 3.6.2.0 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22770,12 +22851,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-292. references: - - '' + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -22784,10 +22865,18 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '3.5' + - 3.5.1 + - 3.5.1.1 + - 3.5.1.2 + - 3.5.1.3 + - 3.5.1.4 + - '3.6' + - 3.6.0.1 + - 3.6.0.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22800,12 +22889,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-272. references: - - '' + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -22817,7 +22906,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22835,7 +22924,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -22847,7 +22936,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22865,7 +22954,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -22877,7 +22966,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22895,7 +22984,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -22904,10 +22993,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true + affected_versions: + - All versions 19.9 and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-286. + references: + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC PowerProtect DP Series Appliance (iDPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.7.0 and earlier + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22920,12 +23039,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA 2021-285. references: - - '' + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -22937,7 +23056,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22955,7 +23074,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -22967,7 +23086,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22985,7 +23104,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -22997,7 +23116,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23015,7 +23134,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -23027,7 +23146,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23045,7 +23164,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -23054,10 +23173,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 2.0.1.3-1538564 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23070,12 +23189,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-295. references: - - '' + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: Dell EMC PowerSwitch Z9264F-ON BMC cves: cve-2021-4104: investigated: false @@ -23087,7 +23206,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23105,37 +23224,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Dell EMC PowerSwitch Z9432F-ON BMC cves: cve-2021-4104: investigated: false @@ -23147,7 +23236,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23165,7 +23254,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -23177,7 +23266,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23195,7 +23284,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Dell EMC RecoverPoint cves: cve-2021-4104: investigated: false @@ -23204,40 +23293,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerConnect N3200 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23250,12 +23309,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA 2021-284. references: - - '' + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -23267,7 +23326,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23285,7 +23344,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -23295,39 +23354,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: PowerEdge BIOS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23340,12 +23369,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -23355,9 +23384,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23370,12 +23399,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -23385,9 +23414,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23400,12 +23429,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -23417,7 +23446,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23435,7 +23464,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: Dell EMC SRM cves: cve-2021-4104: investigated: false @@ -23445,9 +23474,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - Versions before 4.6.0.2 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23460,12 +23489,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-301. references: - - '' + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -23474,10 +23503,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '1.1' + - '1.2' + - 1.2 HF1 + - '1.3' + - 1.3.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23490,12 +23523,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-297. references: - - '' + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -23507,7 +23540,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23525,7 +23558,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -23537,7 +23570,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23555,7 +23588,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -23565,9 +23598,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23580,12 +23613,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-294. references: - - '' + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -23597,7 +23630,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23615,7 +23648,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -23627,7 +23660,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23645,7 +23678,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: Dell EMC vProtect cves: cve-2021-4104: investigated: false @@ -23655,7 +23688,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + - 19.5-19.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -23670,12 +23703,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: See DSA-2022-007. references: - - '' + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -23685,39 +23718,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"5.00.00.10 5.00.05.10"' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Server Storage - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + - 4.5.x + - 4.7.x + - 7.0.x fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23730,12 +23735,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-265. references: - - '' + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: Dell EMC XC cves: cve-2021-4104: investigated: false @@ -23744,40 +23749,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SmartByte - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23790,12 +23765,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-311. references: - - '' + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -23807,7 +23782,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23825,7 +23800,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -23837,7 +23812,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23855,7 +23830,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -23867,7 +23842,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23885,7 +23860,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -23897,7 +23872,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23915,7 +23890,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -23927,7 +23902,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23945,37 +23920,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '7' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: SRS VE + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -23987,7 +23932,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24005,36 +23950,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -24046,7 +23962,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24064,7 +23980,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -24076,7 +23992,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24094,7 +24010,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: Dell Memory Solutions cves: cve-2021-4104: investigated: false @@ -24106,7 +24022,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24124,36 +24040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: UCC Edge + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -24165,7 +24052,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24183,36 +24070,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Unisphere for PowerMax + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -24224,7 +24082,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24242,7 +24100,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -24254,7 +24112,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24272,7 +24130,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -24284,7 +24142,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24302,7 +24160,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -24314,7 +24172,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24332,7 +24190,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: Dell OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -24341,37 +24199,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Vblock - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] + affected_versions: + - Versions before 3.8.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24386,12 +24215,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: See DSA-2021-275 references: - - '' + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: Dell OpenManage Enterprise CloudIQ plugin cves: cve-2021-4104: investigated: false @@ -24403,7 +24232,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24421,7 +24250,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Automation 8.x + product: Dell OpenManage Enterprise Modular cves: cve-2021-4104: investigated: false @@ -24431,7 +24260,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - Versions before 1.40.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -24446,12 +24275,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-268 references: - - '' + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Orchestrator 8.x + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -24460,10 +24289,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24476,12 +24305,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -24493,7 +24322,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24511,7 +24340,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -24523,7 +24352,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24541,7 +24370,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -24550,10 +24379,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24566,12 +24395,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -24580,10 +24409,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24596,12 +24425,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -24613,7 +24442,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24631,7 +24460,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -24639,10 +24468,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24655,12 +24485,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -24669,10 +24499,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24685,12 +24515,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -24699,10 +24529,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24715,12 +24545,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerMax + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -24729,10 +24559,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.2.3 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24745,12 +24575,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerScale + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -24759,10 +24589,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24775,12 +24605,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerStore + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -24789,10 +24619,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.4 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24805,12 +24635,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC Unity + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -24819,10 +24649,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.0.6 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24835,12 +24665,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC XtremIO + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -24849,10 +24679,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 4.1.2 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24865,12 +24695,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -24882,7 +24712,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24900,7 +24730,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -24908,10 +24738,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24924,12 +24755,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -24941,7 +24772,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24959,7 +24790,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Management Suite + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -24968,10 +24799,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24984,12 +24815,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -25001,7 +24832,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25019,7 +24850,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -25031,7 +24862,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25048,8 +24879,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Deltares - product: Delft-FEWS + - vendor: Dell + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -25059,9 +24890,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>2018.02' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25073,13 +24904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability - notes: Mitigations Only + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Denequa - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -25087,10 +24918,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25102,13 +24934,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://denequa.de/log4j-information.html + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Device42 - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Update cves: cve-2021-4104: investigated: false @@ -25116,10 +24948,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25131,13 +24964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.device42.com/2021/12/13/log4j-zero-day/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Devolutions - product: All products + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -25145,10 +24978,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25160,13 +24994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Diebold Nixdorf - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -25174,10 +25008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25189,13 +25024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dieboldnixdorf.com/en-us/apache + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digi International - product: AnywhereUSB Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -25203,10 +25038,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25218,13 +25054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: ARMT + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ECS cves: cve-2021-4104: investigated: false @@ -25232,9 +25068,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.x + - 3.4.x + - 3.5.x + - 3.6.0.x + - 3.6.1.x + - 3.6.2.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -25247,13 +25089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-273. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Aview + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -25261,10 +25103,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25276,13 +25119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: AVWOB + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -25290,10 +25133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25305,13 +25149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK G6200 family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -25319,10 +25163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25334,13 +25179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-270. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK SkyCloud + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -25348,10 +25193,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25363,13 +25209,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK Z45 family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -25377,10 +25223,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25392,13 +25239,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi 54xx family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -25406,10 +25253,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25421,13 +25269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi 63xx family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -25435,10 +25283,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25450,13 +25299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi AnywhereUSB (G2) family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -25464,10 +25313,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25479,13 +25329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi AnywhereUSB Plus family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -25493,10 +25343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25508,13 +25359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect EZ family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -25522,10 +25373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25537,13 +25389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Drive & Storage Media cves: cve-2021-4104: investigated: false @@ -25551,10 +25403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25566,13 +25419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect IT family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -25580,10 +25433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25595,13 +25449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect Sensor family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -25609,10 +25463,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25624,13 +25479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect WS family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -25638,10 +25493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25653,13 +25509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi ConnectPort family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: MDS cves: cve-2021-4104: investigated: false @@ -25667,10 +25523,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25682,13 +25539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi ConnectPort LTS family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: My Dell cves: cve-2021-4104: investigated: false @@ -25696,10 +25553,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25711,13 +25569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Embedded Android + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -25725,10 +25583,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25740,13 +25599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Embedded Yocto + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -25754,10 +25613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25769,13 +25629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi EX routers + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -25783,10 +25643,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25798,13 +25659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi IX routers + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -25812,10 +25673,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25827,13 +25689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi LR54 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -25841,10 +25703,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25856,13 +25719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Navigator + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -25870,10 +25733,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25885,13 +25749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi One family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking OS 9 cves: cve-2021-4104: investigated: false @@ -25899,10 +25763,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25914,13 +25779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Passport family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -25928,10 +25793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25943,13 +25809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi PortServer TS family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -25957,10 +25823,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25972,13 +25839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Remote Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -25986,10 +25853,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26001,13 +25869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi TX routers + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -26015,10 +25883,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26030,13 +25899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR11 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OMNIA cves: cve-2021-4104: investigated: false @@ -26044,10 +25913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26059,13 +25929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR21 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -26073,10 +25943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26088,13 +25959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR31 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -26102,10 +25973,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26117,13 +25989,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR44R/RR + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -26131,10 +26004,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26146,13 +26020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR54 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -26160,10 +26034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26175,13 +26050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR64 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -26189,10 +26064,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26204,13 +26080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Xbee mobile app + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Power Center cves: cve-2021-4104: investigated: false @@ -26218,10 +26094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26233,13 +26110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Lighthouse + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -26247,10 +26124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26262,13 +26140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Realport + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -26276,10 +26154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26291,13 +26170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Remote Hub Config Utility + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -26305,10 +26184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26320,13 +26200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digicert - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Accelerator Solutions cves: cve-2021-4104: investigated: false @@ -26334,10 +26214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26349,13 +26230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.digicert.com/alerts/digicert-log4j-response.html + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital AI - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -26363,10 +26244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26378,13 +26260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital Alert Systems - product: All + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Networking Solutions cves: cve-2021-4104: investigated: false @@ -26392,10 +26274,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26407,13 +26290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digitalalertsystems.com/default-2.htm - notes: Formerly Monroe Electronics, Inc. + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: DNSFilter - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -26421,10 +26304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26436,13 +26320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docker - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge RAID Controller Solutions cves: cve-2021-4104: investigated: false @@ -26450,10 +26334,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26465,13 +26350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docusign - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -26479,10 +26364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26494,14 +26380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -26509,10 +26394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26524,13 +26410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: DSpace - product: '' + - vendor: Dell + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -26538,10 +26424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26553,13 +26440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dynatrace - product: ActiveGate + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Redtail cves: cve-2021-4104: investigated: false @@ -26567,10 +26454,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26582,13 +26470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Dynatrace Extensions + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Remotely Anywhere cves: cve-2021-4104: investigated: false @@ -26596,10 +26484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26611,13 +26500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: FedRamp SAAS + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -26625,10 +26514,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26640,13 +26530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Managed cluster nodes + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -26654,10 +26544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26669,13 +26560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: OneAgent + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -26683,10 +26574,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26698,13 +26590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: SAAS + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SDNAS cves: cve-2021-4104: investigated: false @@ -26712,10 +26604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26727,13 +26620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Synthetic Private ActiveGate + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -26741,8 +26634,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26756,13 +26650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Synthetic public locations + - '[]' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -26770,9 +26664,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) unaffected_versions: [] cve-2021-45046: investigated: false @@ -26785,13 +26680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: EasyRedmine - product: '' + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -26799,9 +26694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.00.00.10 + - 5.00.05.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -26814,13 +26711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-281 references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Eaton - product: Undisclosed + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Server Storage cves: cve-2021-4104: investigated: false @@ -26829,10 +26726,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Undisclosed + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26844,15 +26741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EclecticIQ - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -26860,10 +26755,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26875,13 +26771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Eclipse Foundation - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SmartByte cves: cve-2021-4104: investigated: false @@ -26889,10 +26785,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26904,13 +26801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Edwards - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SMI-S cves: cve-2021-4104: investigated: false @@ -26918,10 +26815,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26933,13 +26831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.edwards.com/devices/support/product-security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: EFI - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Software RAID cves: cve-2021-4104: investigated: false @@ -26947,10 +26845,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26962,13 +26861,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EGroupware - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -26976,10 +26875,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26991,13 +26891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Elastic - product: APM Java Agent + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -27005,10 +26905,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27020,13 +26921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: APM Server + - vendor: Dell + product: Sonic cves: cve-2021-4104: investigated: false @@ -27034,10 +26935,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27049,13 +26951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Beats + - vendor: Dell + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -27063,9 +26965,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -27078,13 +26981,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-287. references: - - '' + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Cmd + - vendor: Dell + product: SRS VE cves: cve-2021-4104: investigated: false @@ -27092,10 +26995,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27107,13 +27011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Agent + - vendor: Dell + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -27121,8 +27025,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 16.x + - 17.x + - 18.x + - 19.x + - 20.1.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27136,13 +27045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-310. references: - - '' + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud + - vendor: Dell + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -27150,10 +27059,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27165,13 +27075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud Enterprise + - vendor: Dell + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -27179,10 +27089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27194,13 +27105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud Enterprise + - vendor: Dell + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -27208,10 +27119,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27223,13 +27135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud on Kubernetes + - vendor: Dell + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -27237,8 +27149,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.0.70 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27252,13 +27165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-283. references: - - '' + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Endgame + - vendor: Dell + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -27266,10 +27179,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27281,13 +27195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Maps Service + - vendor: Dell + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -27295,9 +27209,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions before 4.0 SP 9.2 (4.0.9.1541235) unaffected_versions: [] cve-2021-45046: investigated: false @@ -27310,13 +27225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-296. references: - - '' + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elasticsearch + - vendor: Dell + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -27325,12 +27240,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '5' - - '6' - - '8' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27342,13 +27255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Endpoint Security + - vendor: Dell + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false @@ -27356,10 +27269,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27371,13 +27285,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Enterprise Search + - vendor: Dell + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -27385,10 +27299,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27400,13 +27315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Fleet Server + - vendor: Dell + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -27414,10 +27329,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27429,13 +27345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Kibana + - vendor: Dell + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -27443,10 +27359,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27458,13 +27375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Logstash + - vendor: Dell + product: Vblock cves: cve-2021-4104: investigated: false @@ -27474,8 +27391,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <6.8.21 - - <7.16.1 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27489,13 +27405,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Machine Learning + - vendor: Dell + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -27503,10 +27420,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27518,13 +27436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Swiftype + - vendor: Dell + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -27532,8 +27450,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27547,13 +27466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: Dell + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -27561,8 +27480,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27575,13 +27495,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ellucian - product: Admin + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX Control Station cves: cve-2021-4104: investigated: false @@ -27589,10 +27510,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27604,13 +27526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Analytics + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX1 cves: cve-2021-4104: investigated: false @@ -27618,10 +27540,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27633,13 +27556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX2 cves: cve-2021-4104: investigated: false @@ -27647,10 +27570,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27662,13 +27586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Event Publisher + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -27676,9 +27600,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions 3.1.16.10220572 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -27691,13 +27616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-299 references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eLearning + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -27705,9 +27630,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 3.1.15.10216415 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -27720,13 +27646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-298 references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eProcurement + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -27734,10 +27660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27749,13 +27676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Self Service + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -27763,9 +27690,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -27778,13 +27706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-290. references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Workflow + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -27792,9 +27720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -27807,13 +27736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300. references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Colleague + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerMax cves: cve-2021-4104: investigated: false @@ -27821,9 +27750,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 1.2.3 or earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -27836,13 +27766,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Colleague Analytics + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerScale cves: cve-2021-4104: investigated: false @@ -27850,9 +27780,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 1.1.0 or earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -27865,13 +27796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Advance + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -27879,8 +27810,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.1.4 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27894,13 +27826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Advise + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -27908,8 +27840,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.0.6 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27923,13 +27856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Recruit + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -27937,8 +27870,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 4.1.2 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27952,13 +27886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Advance Web Connector + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Vsan Ready Nodes cves: cve-2021-4104: investigated: false @@ -27966,10 +27900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27981,13 +27916,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Data Access + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock cves: cve-2021-4104: investigated: false @@ -27995,7 +27930,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -28010,13 +27945,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Design Path + - '[vce6771](https://support-dellemc-com.secure.force.com/)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Warnado MLK (firmware) cves: cve-2021-4104: investigated: false @@ -28024,10 +27960,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28039,13 +27976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ellucian Portal + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -28053,9 +27990,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -28068,13 +28006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-267 references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian ePrint + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Proprietary OS (ThinOS) cves: cve-2021-4104: investigated: false @@ -28082,10 +28020,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28097,13 +28036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -28111,10 +28050,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28126,13 +28066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos Extend + last_updated: '2021-12-15T00:00:00' + - vendor: Deltares + product: Delft-FEWS cves: cve-2021-4104: investigated: false @@ -28140,9 +28080,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>2018.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -28155,13 +28096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability + notes: Mitigations Only references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos Integration + last_updated: '2021-12-22T00:00:00' + - vendor: Denequa + product: All cves: cve-2021-4104: investigated: false @@ -28184,13 +28125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://denequa.de/log4j-information.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian eTranscripts + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Device42 + product: All cves: cve-2021-4104: investigated: false @@ -28198,10 +28139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28213,13 +28155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://blog.device42.com/2021/12/13/log4j-zero-day/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Experience + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Devolutions + product: All cves: cve-2021-4104: investigated: false @@ -28227,10 +28169,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28242,13 +28185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Diebold Nixdorf + product: All cves: cve-2021-4104: investigated: false @@ -28271,13 +28214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dieboldnixdorf.com/en-us/apache notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digi International + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -28285,10 +28228,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28300,13 +28244,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Message Service (EMS) + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: ARMT cves: cve-2021-4104: investigated: false @@ -28314,10 +28258,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28329,13 +28274,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Aview cves: cve-2021-4104: investigated: false @@ -28343,10 +28288,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28358,13 +28304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Mobile + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: AVWOB cves: cve-2021-4104: investigated: false @@ -28372,10 +28318,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28387,13 +28334,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Payment Gateway + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK G6200 family cves: cve-2021-4104: investigated: false @@ -28401,10 +28348,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28416,13 +28364,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian PowerCampus + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK SkyCloud cves: cve-2021-4104: investigated: false @@ -28430,10 +28378,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28445,13 +28394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Solution Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK Z45 family cves: cve-2021-4104: investigated: false @@ -28459,10 +28408,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28474,13 +28424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Workflow + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi 54xx family cves: cve-2021-4104: investigated: false @@ -28488,10 +28438,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28503,13 +28454,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi 63xx family cves: cve-2021-4104: investigated: false @@ -28517,10 +28468,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28532,13 +28484,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 148 Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi AnywhereUSB (G2) family cves: cve-2021-4104: investigated: false @@ -28546,10 +28498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28561,13 +28514,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2051 Pressure Transmitter Family + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi AnywhereUSB Plus family cves: cve-2021-4104: investigated: false @@ -28575,10 +28528,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28590,13 +28544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2088 Pressure Transmitter Family + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false @@ -28604,10 +28558,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28619,13 +28574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -28633,10 +28588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28648,13 +28604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 215 Pressure Sensor Module + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect IT family cves: cve-2021-4104: investigated: false @@ -28662,10 +28618,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28677,13 +28634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 248 Configuration Application + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -28691,10 +28648,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28706,13 +28664,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 248 Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -28720,10 +28678,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28735,13 +28694,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -28749,10 +28708,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28764,13 +28724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 3144P Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -28778,10 +28738,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28793,13 +28754,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 326P Pressure Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Embedded Android cves: cve-2021-4104: investigated: false @@ -28807,10 +28768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28822,13 +28784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 326T Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Embedded Yocto cves: cve-2021-4104: investigated: false @@ -28836,10 +28798,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28851,13 +28814,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 327T Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi EX routers cves: cve-2021-4104: investigated: false @@ -28865,10 +28828,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28880,13 +28844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4088 Pressure Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -28894,10 +28858,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28909,13 +28874,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4088 Upgrade Utility + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi LR54 cves: cve-2021-4104: investigated: false @@ -28923,10 +28888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28938,13 +28904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4600 Pressure Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -28952,10 +28918,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28967,13 +28934,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi One family cves: cve-2021-4104: investigated: false @@ -28981,10 +28948,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28996,13 +28964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -29010,10 +28978,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29025,13 +28994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 550 PT Pressure Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi PortServer TS family cves: cve-2021-4104: investigated: false @@ -29039,10 +29008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29054,13 +29024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -29068,10 +29038,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29083,13 +29054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -29097,10 +29068,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29112,13 +29084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 644 Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -29126,10 +29098,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29141,13 +29114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 648 Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -29155,10 +29128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29170,13 +29144,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 848T Temperature Transmitter + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -29184,10 +29158,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29199,13 +29174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -29213,10 +29188,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29228,13 +29204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -29242,10 +29218,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29257,13 +29234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -29271,10 +29248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29286,13 +29264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Xbee mobile app cves: cve-2021-4104: investigated: false @@ -29300,10 +29278,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29315,13 +29294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Lighthouse cves: cve-2021-4104: investigated: false @@ -29329,10 +29308,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29344,13 +29324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Realport cves: cve-2021-4104: investigated: false @@ -29358,10 +29338,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29373,13 +29354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Remote Hub Config Utility cves: cve-2021-4104: investigated: false @@ -29387,10 +29368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29402,13 +29384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Digicert + product: All cves: cve-2021-4104: investigated: false @@ -29431,13 +29413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://knowledge.digicert.com/alerts/digicert-log4j-response.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital AI + product: All cves: cve-2021-4104: investigated: false @@ -29460,13 +29442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital Alert Systems + product: All cves: cve-2021-4104: investigated: false @@ -29489,13 +29471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.digitalalertsystems.com/default-2.htm + notes: Formerly Monroe Electronics, Inc. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 + last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All cves: cve-2021-4104: investigated: false @@ -29503,10 +29485,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29518,13 +29501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 + last_updated: '2022-01-05T00:00:00' + - vendor: DNSFilter + product: All cves: cve-2021-4104: investigated: false @@ -29547,13 +29530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Emerson Aperio software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docker + product: Infrastructure cves: cve-2021-4104: investigated: false @@ -29561,10 +29544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29576,13 +29560,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. + For more info see source. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docusign + product: All cves: cve-2021-4104: investigated: false @@ -29605,13 +29590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DotCMS + product: Hybrid Content Management System cves: cve-2021-4104: investigated: false @@ -29619,9 +29604,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -29634,13 +29620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://github.com/dotCMS/core/issues/21393 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DrayTek + product: All cves: cve-2021-4104: investigated: false @@ -29648,10 +29634,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29663,14 +29650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All cves: cve-2021-4104: investigated: false @@ -29678,10 +29664,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29693,13 +29680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + last_updated: '2021-12-15T00:00:00' + - vendor: Dräger + product: All cves: cve-2021-4104: investigated: false @@ -29707,10 +29694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29722,13 +29710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://static.draeger.com/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + last_updated: '2021-12-15T00:00:00' + - vendor: DSpace + product: All cves: cve-2021-4104: investigated: false @@ -29751,13 +29739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dynatrace + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -29765,9 +29753,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -29780,13 +29769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -29794,9 +29783,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -29809,13 +29799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Extensions cves: cve-2021-4104: investigated: false @@ -29823,9 +29813,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -29838,13 +29829,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: FedRamp SAAS cves: cve-2021-4104: investigated: false @@ -29852,9 +29843,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -29867,15 +29859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Managed cluster nodes cves: cve-2021-4104: investigated: false @@ -29883,10 +29873,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: OneAgent + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -29898,15 +29919,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: SAAS cves: cve-2021-4104: investigated: false @@ -29914,9 +29933,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -29929,13 +29949,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Incus Ultrasonic gas leak detector + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -29943,10 +29963,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic public locations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -29958,13 +30009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: K-Series Coriolis Transmitters + last_updated: '2021-12-21T00:00:00' + - vendor: EasyRedmine + product: '' cves: cve-2021-4104: investigated: false @@ -29987,13 +30038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: K-Series Coriolis Transmitters + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eaton + product: Undisclosed cves: cve-2021-4104: investigated: false @@ -30001,8 +30052,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Undisclosed fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -30016,13 +30068,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf + notes: Doesn't openly disclose what products are affected or not for quote 'security + purposes'. Needs email registration. No workaround provided due to registration + wall. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EclecticIQ + product: '' cves: cve-2021-4104: investigated: false @@ -30045,13 +30099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Mark III Gas and Liquid USM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eclipse Foundation + product: '' cves: cve-2021-4104: investigated: false @@ -30074,13 +30128,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Mark III Gas and Liquid USM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Edwards + product: '' cves: cve-2021-4104: investigated: false @@ -30103,13 +30157,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.edwards.com/devices/support/product-security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: MPFM2600 & MPFM5726 + last_updated: '2022-01-06T00:00:00' + - vendor: EFI + product: '' cves: cve-2021-4104: investigated: false @@ -30132,13 +30186,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: MPFM2600 & MPFM5726 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EGroupware + product: '' cves: cve-2021-4104: investigated: false @@ -30161,13 +30215,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Elastic + product: APM Java Agent cves: cve-2021-4104: investigated: false @@ -30190,13 +30244,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: APM Server cves: cve-2021-4104: investigated: false @@ -30219,13 +30273,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Configuration Software + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Beats cves: cve-2021-4104: investigated: false @@ -30248,13 +30302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Configuration Software + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Cmd cves: cve-2021-4104: investigated: false @@ -30277,13 +30331,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Agent cves: cve-2021-4104: investigated: false @@ -30306,13 +30360,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -30335,13 +30389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -30364,13 +30418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -30393,13 +30447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2410 Tank Hub + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -30422,13 +30476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 2460 System Hub + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Endgame cves: cve-2021-4104: investigated: false @@ -30451,13 +30505,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount 3490 Controller + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Maps Service cves: cve-2021-4104: investigated: false @@ -30480,13 +30534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/IOU 61 + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elasticsearch cves: cve-2021-4104: investigated: false @@ -30494,8 +30548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '5' + - '6' + - '8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -30509,13 +30566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Endpoint Security cves: cve-2021-4104: investigated: false @@ -30538,13 +30595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Enterprise Search cves: cve-2021-4104: investigated: false @@ -30567,13 +30624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount IO-Link Assistant + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Fleet Server cves: cve-2021-4104: investigated: false @@ -30596,13 +30653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Level Detectors (21xx) + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Kibana cves: cve-2021-4104: investigated: false @@ -30625,13 +30682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Logstash cves: cve-2021-4104: investigated: false @@ -30639,8 +30696,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <6.8.21 + - <7.16.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -30654,13 +30713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Radar Configuration Tool + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Machine Learning cves: cve-2021-4104: investigated: false @@ -30683,13 +30742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Swiftype cves: cve-2021-4104: investigated: false @@ -30712,13 +30771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + last_updated: '2021-12-15T00:00:00' + - vendor: ElasticSearch + product: all products cves: cve-2021-4104: investigated: false @@ -30740,14 +30799,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ellucian + product: Admin cves: cve-2021-4104: investigated: false @@ -30770,13 +30828,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + - vendor: Ellucian + product: Banner Analytics cves: cve-2021-4104: investigated: false @@ -30799,13 +30857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + - vendor: Ellucian + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -30828,13 +30886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + - vendor: Ellucian + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -30857,13 +30915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + - vendor: Ellucian + product: Banner Integration for eLearning cves: cve-2021-4104: investigated: false @@ -30886,13 +30944,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Vortex and Magmeter Transmitters + - vendor: Ellucian + product: Banner Integration for eProcurement cves: cve-2021-4104: investigated: false @@ -30915,13 +30973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Vortex and Magmeter Transmitters + - vendor: Ellucian + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -30944,13 +31002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: WCM SWGM + - vendor: Ellucian + product: Banner Workflow cves: cve-2021-4104: investigated: false @@ -30973,13 +31031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: WCM SWGM + - vendor: Ellucian + product: Colleague cves: cve-2021-4104: investigated: false @@ -31002,13 +31060,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: On-prem and cloud deployements expect fixed 12/18/2021 + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Colleague Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: EnterpriseDT - product: '' + - vendor: Ellucian + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -31031,13 +31118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESET - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -31060,13 +31147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESRI - product: ArcGIS Data Store + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -31074,10 +31161,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31090,14 +31176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Enterprise + - vendor: Ellucian + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -31105,10 +31190,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31121,14 +31205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS GeoEvent Server + - vendor: Ellucian + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -31136,10 +31219,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31152,14 +31234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Server + - vendor: Ellucian + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -31167,10 +31248,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31183,14 +31263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Workflow Manager Server + - vendor: Ellucian + product: Ellucian Ellucian Portal cves: cve-2021-4104: investigated: false @@ -31198,10 +31277,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31214,14 +31292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: Portal for ArcGIS + - vendor: Ellucian + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -31229,10 +31306,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31245,14 +31321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Estos - product: '' + - vendor: Ellucian + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -31275,13 +31350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Evolveum Midpoint - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -31304,13 +31379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ewon - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -31333,13 +31408,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exabeam - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -31362,14 +31437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exabeam.com/s/discussions?t=1639379479381 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exact - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -31392,13 +31466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.exact.com/news/general-statement-apache-leak + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exivity - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -31421,13 +31495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ExtraHop - product: Reveal(x) + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -31435,11 +31509,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31453,13 +31524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 - notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: eXtreme Hosting - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -31482,13 +31553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremehosting.nl/log4shell-log4j/ + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Extreme Networks - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -31511,13 +31582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Extron - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -31540,13 +31611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.extron.com/featured/Security-at-Extron/extron-security + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Elements Connector + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -31569,13 +31640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Endpoint Proxy + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -31583,9 +31654,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 13-15 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31599,13 +31669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Messaging Security Gateway + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -31628,13 +31698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Policy Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Ellucian Workflow cves: cve-2021-4104: investigated: false @@ -31642,9 +31712,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 13-15 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31658,13 +31727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Policy Manager Proxy + last_updated: '2021-12-17T00:00:00' + - vendor: Ellucian + product: Enterprise Identity Services(BEIS) cves: cve-2021-4104: investigated: false @@ -31672,9 +31741,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 13-15 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31688,13 +31756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: BIG-IP (all modules) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31702,11 +31770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 11.x - 16.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31718,13 +31785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: BIG-IQ Centralized Management + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -31732,11 +31799,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 7.x-8.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31748,13 +31814,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: F5OS + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -31762,11 +31828,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31778,13 +31843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX App Protect + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -31792,11 +31857,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31808,13 +31872,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Controller + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -31822,11 +31886,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31838,13 +31901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Ingress Controller + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -31852,11 +31915,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x - 2.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31868,13 +31930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Instance Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31882,11 +31944,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31898,13 +31959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Open Source + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -31912,11 +31973,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31928,13 +31988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Plus + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -31942,11 +32002,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - R19 - R25 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31958,13 +32017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Service Mesh + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -31972,11 +32031,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31988,13 +32046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Unit + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32002,11 +32060,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -32018,13 +32075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: Traffix SDC + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32032,10 +32089,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -32049,14 +32104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FAST LTA - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -32079,13 +32133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.fast-lta.de/en/log4j2-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fastly - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -32108,13 +32162,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FedEx - product: Ship Manager Software + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -32123,8 +32177,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -32138,20 +32191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution - vulnerability affecting various Apache products. We are actively assessing the - situation and taking necessary action as appropriate. As a result, we are temporarily - unable to provide a link to download the FedEx Ship Manager software or generate - product keys needed for registration of FedEx Ship Manager software. We are - working to have this resolved as quickly as possible and apologize for the inconvenience. - For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Fiix - product: Fiix CMMS Core + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -32159,10 +32205,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v5 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -32175,14 +32220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: FileCap - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -32205,13 +32249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCatalyst - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -32234,13 +32278,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCloud - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -32263,13 +32307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileWave - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -32292,13 +32336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FINVI - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32321,13 +32365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://finvi.com/support/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FireDaemon - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32350,13 +32394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.firedaemon.com/support/solutions/articles/4000178630 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fisher & Paykel Healthcare - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32379,13 +32423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fphcare.com/us/our-company/contact-us/product-security/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Flexagon - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' cves: cve-2021-4104: investigated: false @@ -32408,13 +32452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Flexera - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -32437,13 +32481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: DLP Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32466,13 +32510,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32495,13 +32539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -32524,14 +32568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32554,13 +32597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: One Endpoint + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -32583,13 +32626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32612,13 +32655,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forescout - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32641,42 +32684,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ForgeRock - product: Autonomous Identity - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAIOps + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32699,13 +32713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -32728,13 +32742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -32757,13 +32771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAP + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -32786,13 +32800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAuthenticator + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Engineering Assistant 5.x & 6.x cves: cve-2021-4104: investigated: false @@ -32815,13 +32829,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiCASB + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -32844,13 +32858,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiConvertor + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -32873,13 +32887,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiDeceptor + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' cves: cve-2021-4104: investigated: false @@ -32902,13 +32917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Agent + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -32931,13 +32946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -32960,13 +32975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGate Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -32989,13 +33004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -33018,13 +33033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiMail + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -33047,13 +33062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -33076,13 +33091,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -33105,13 +33122,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -33134,13 +33153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -33163,13 +33182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -33192,13 +33211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiPhish Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -33221,13 +33240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiPolicy + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Liquid Transmitters: 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -33250,13 +33269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiPortal + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -33279,13 +33298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiRecorder + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -33308,13 +33327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSIEM + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -33337,13 +33356,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSOAR + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -33366,13 +33385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -33395,13 +33414,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -33424,13 +33443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiToken Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -33453,13 +33472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiVoice + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -33482,13 +33501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiWeb Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -33511,13 +33530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: ShieldX + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -33540,13 +33559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FTAPI - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -33569,13 +33588,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fujitsu - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -33598,13 +33617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FusionAuth - product: FusionAuth + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -33612,11 +33631,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '1.32' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -33628,13 +33646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GE Digital - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -33657,14 +33675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Digital Grid - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -33687,14 +33704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Asset Performance Management (APM) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -33717,13 +33733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -33746,14 +33762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -33776,14 +33791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -33806,14 +33820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -33836,13 +33849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -33865,14 +33878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -33895,13 +33907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -33924,13 +33936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount RadarMaster and RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -33953,13 +33965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -33982,13 +33994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount TankMaster and TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -34011,13 +34023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -34040,13 +34052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -34054,9 +34066,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <5.13.01.02 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34070,14 +34081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -34085,10 +34095,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -34101,13 +34110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: '' + - vendor: Emerson + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -34130,13 +34139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -34159,13 +34168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GoAnywhere - product: Gateway + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -34173,9 +34182,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.8.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34189,13 +34197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -34203,9 +34211,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 6.8.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34219,13 +34226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT Agents + last_updated: '2021-12-17T00:00:00' + - vendor: EnterpriseDT + product: '' cves: cve-2021-4104: investigated: false @@ -34233,9 +34240,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.6.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34249,12 +34255,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoCD + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET product: '' cves: cve-2021-4104: @@ -34278,13 +34284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Google - product: Chrome + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESRI + product: ArcGIS Data Store cves: cve-2021-4104: investigated: false @@ -34294,10 +34300,11 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -34307,14 +34314,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-14' - - vendor: Google Cloud - product: Access Transparency + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Enterprise cves: cve-2021-4104: investigated: false @@ -34322,9 +34329,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34337,14 +34345,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Actifio + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS GeoEvent Server cves: cve-2021-4104: investigated: false @@ -34352,9 +34360,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34367,16 +34376,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Data Labeling + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Server cves: cve-2021-4104: investigated: false @@ -34384,9 +34391,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34399,14 +34407,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Workflow Manager Server cves: cve-2021-4104: investigated: false @@ -34414,9 +34422,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34429,14 +34438,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Training and Prediction + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: Portal for ArcGIS cves: cve-2021-4104: investigated: false @@ -34444,9 +34453,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34459,14 +34469,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos + last_updated: '2021-12-17T00:00:00' + - vendor: Estos + product: '' cves: cve-2021-4104: investigated: false @@ -34489,17 +34499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Anthos environments to identify components dependent on Log4j 2 and update them - to the latest version. + - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Config Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Evolveum Midpoint + product: '' cves: cve-2021-4104: investigated: false @@ -34522,14 +34528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ewon + product: All cves: cve-2021-4104: investigated: false @@ -34537,10 +34542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34552,14 +34558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Hub + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Exabeam + product: '' cves: cve-2021-4104: investigated: false @@ -34582,14 +34587,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.exabeam.com/s/discussions?t=1639379479381 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Identity Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: '' cves: cve-2021-4104: investigated: false @@ -34612,14 +34617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.exact.com/news/general-statement-apache-leak + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos on VMWare + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exivity + product: '' cves: cve-2021-4104: investigated: false @@ -34642,18 +34646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Premium Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ExtraHop + product: Reveal(x) cves: cve-2021-4104: investigated: false @@ -34661,8 +34660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34676,14 +34678,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Service Mesh + - vendor: eXtreme Hosting + product: '' cves: cve-2021-4104: investigated: false @@ -34706,14 +34707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://extremehosting.nl/log4shell-log4j/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Apigee + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: '' cves: cve-2021-4104: investigated: false @@ -34736,19 +34736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not - used and therefore the VMs were not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. - It is possible that customers may have introduced custom resources that are - using vulnerable versions of Log4j. We strongly encourage customers who manage - Apigee environments to identify components dependent on Log4j and update them - to the latest version. Visit the Apigee Incident Report for more information. + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: App Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extron + product: '' cves: cve-2021-4104: investigated: false @@ -34771,17 +34765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - App Engine environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.extron.com/featured/Security-at-Extron/extron-security + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AppSheet + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Elements Connector cves: cve-2021-4104: investigated: false @@ -34804,17 +34794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At - this time, we have identified no impact to core AppSheet functionality. Additionally, - we have patched one Java-based auxiliary service in our platform. We will continue - to monitor for affected services and patch or remediate as required. If you - have any questions or require assistance, contact AppSheet Support. + - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Artifact Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Endpoint Proxy cves: cve-2021-4104: investigated: false @@ -34822,8 +34808,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 13-15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34837,14 +34824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://status.f-secure.com/incidents/sk8vmr0h34pd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Assured Workloads + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Messaging Security Gateway cves: cve-2021-4104: investigated: false @@ -34867,14 +34853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Policy Manager cves: cve-2021-4104: investigated: false @@ -34882,8 +34867,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 13-15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34897,14 +34883,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://status.f-secure.com/incidents/sk8vmr0h34pd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Natural Language + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F-Secure + product: Policy Manager Proxy cves: cve-2021-4104: investigated: false @@ -34912,8 +34897,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 13-15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34927,14 +34913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://status.f-secure.com/incidents/sk8vmr0h34pd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Tables + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: BIG-IP (all modules) cves: cve-2021-4104: investigated: false @@ -34942,10 +34927,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 11.x - 16.x cve-2021-45046: investigated: false affected_versions: [] @@ -34957,14 +34943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: BIG-IQ Centralized Management cves: cve-2021-4104: investigated: false @@ -34972,10 +34957,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 7.x-8.x cve-2021-45046: investigated: false affected_versions: [] @@ -34987,14 +34973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Video + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: F5OS cves: cve-2021-4104: investigated: false @@ -35002,10 +34987,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -35017,14 +35003,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX App Protect cves: cve-2021-4104: investigated: false @@ -35032,10 +35017,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -35047,14 +35033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Controller cves: cve-2021-4104: investigated: false @@ -35062,10 +35047,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -35077,14 +35063,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Data Transfer Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Ingress Controller cves: cve-2021-4104: investigated: false @@ -35092,10 +35077,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -35107,14 +35093,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Omni + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Instance Manager cves: cve-2021-4104: investigated: false @@ -35122,10 +35107,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -35137,15 +35123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use - Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. - We continue to work with AWS and Azure to assess the situation. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Binary Authorization + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Open Source cves: cve-2021-4104: investigated: false @@ -35153,10 +35137,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -35168,14 +35153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Certificate Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Plus cves: cve-2021-4104: investigated: false @@ -35183,10 +35167,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -35198,14 +35183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Chronicle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Service Mesh cves: cve-2021-4104: investigated: false @@ -35213,10 +35197,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -35228,14 +35213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Asset Inventory + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Unit cves: cve-2021-4104: investigated: false @@ -35243,10 +35227,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -35258,14 +35243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Bigtable + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: Traffix SDC cves: cve-2021-4104: investigated: false @@ -35273,8 +35257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.x (5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35288,14 +35274,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.f5.com/csp/article/K19026212 + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Build + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FAST LTA + product: '' cves: cve-2021-4104: investigated: false @@ -35318,17 +35304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Build environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://blog.fast-lta.de/en/log4j2-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud CDN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fastly + product: '' cves: cve-2021-4104: investigated: false @@ -35351,14 +35333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Composer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FedEx + product: Ship Manager Software cves: cve-2021-4104: investigated: false @@ -35367,7 +35348,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - Unknown fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35381,19 +35363,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and - is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible - that customers may have imported or introduced other dependencies via DAGs, - installed PyPI modules, plugins, or other services that are using vulnerable - versions of Log4j 2. We strongly encourage customers, who manage Composer environments - to identify components dependent on Log4j 2 and update them to the latest version. + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Google Cloud - product: Cloud Console App + - vendor: Fiix + product: Fiix CMMS Core cves: cve-2021-4104: investigated: false @@ -35401,9 +35384,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -35416,14 +35400,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Data Loss Prevention + last_updated: '2021-12-15T00:00:00' + - vendor: FileCap + product: '' cves: cve-2021-4104: investigated: false @@ -35446,14 +35430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://mailchi.mp/3f82266e0717/filecap-update-version-511 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Debugger + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCatalyst + product: '' cves: cve-2021-4104: investigated: false @@ -35476,14 +35459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Deployment Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCloud + product: '' cves: cve-2021-4104: investigated: false @@ -35506,14 +35488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud DNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileWave + product: '' cves: cve-2021-4104: investigated: false @@ -35536,14 +35517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Endpoints + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FINVI + product: '' cves: cve-2021-4104: investigated: false @@ -35566,14 +35546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://finvi.com/support/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud External Key Manager (EKM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FireDaemon + product: '' cves: cve-2021-4104: investigated: false @@ -35596,14 +35575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://kb.firedaemon.com/support/solutions/articles/4000178630 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Functions + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fisher & Paykel Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -35626,17 +35604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Functions environments to identify components dependent on Log4j 2 and - update them to the latest version. + - https://www.fphcare.com/us/our-company/contact-us/product-security/ + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Hardware Security Module (HSM) + - vendor: Flexagon + product: '' cves: cve-2021-4104: investigated: false @@ -35659,14 +35633,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Interconnect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Flexera + product: '' cves: cve-2021-4104: investigated: false @@ -35689,14 +35662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DLP Manager cves: cve-2021-4104: investigated: false @@ -35719,14 +35691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Key Management Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Forcepoint Cloud Security Gateway (CSG) cves: cve-2021-4104: investigated: false @@ -35749,14 +35720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Load Balancing + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) cves: cve-2021-4104: investigated: false @@ -35779,14 +35749,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Logging + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service + and Sidewinder cves: cve-2021-4104: investigated: false @@ -35809,14 +35779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Natural Language API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: One Endpoint cves: cve-2021-4104: investigated: false @@ -35839,14 +35808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) cves: cve-2021-4104: investigated: false @@ -35869,14 +35837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Profiler + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forescout + product: '' cves: cve-2021-4104: investigated: false @@ -35899,14 +35866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Router + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ForgeRock + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -35929,14 +35895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: all other ForgeRock products Not vulnerable references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Run + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -35959,17 +35924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Run for Anthos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -35992,17 +35953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run for Anthos environments to identify components dependent on Log4j - 2 and update them to the latest version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Scheduler + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -36025,14 +35982,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAP cves: cve-2021-4104: investigated: false @@ -36055,14 +36011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Shell + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -36085,17 +36040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Source Repositories + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -36118,14 +36069,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Spanner + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConvertor cves: cve-2021-4104: investigated: false @@ -36148,14 +36098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud SQL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor cves: cve-2021-4104: investigated: false @@ -36178,14 +36127,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent cves: cve-2021-4104: investigated: false @@ -36208,14 +36156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Tasks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud cves: cve-2021-4104: investigated: false @@ -36238,14 +36185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Trace + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud cves: cve-2021-4104: investigated: false @@ -36268,14 +36214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Traffic Director + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud cves: cve-2021-4104: investigated: false @@ -36298,14 +36243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail cves: cve-2021-4104: investigated: false @@ -36328,14 +36272,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager cves: cve-2021-4104: investigated: false @@ -36358,14 +36301,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud cves: cve-2021-4104: investigated: false @@ -36388,14 +36330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud VPN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC cves: cve-2021-4104: investigated: false @@ -36418,14 +36359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: CompilerWorks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC cves: cve-2021-4104: investigated: false @@ -36448,14 +36388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Compute Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) cves: cve-2021-4104: investigated: false @@ -36478,16 +36417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, - we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes - to Google Cloud VMware Engine as they become available. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Contact Center AI (CCAI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud cves: cve-2021-4104: investigated: false @@ -36510,14 +36446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Contact Center AI Insights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy cves: cve-2021-4104: investigated: false @@ -36540,14 +36475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Container Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal cves: cve-2021-4104: investigated: false @@ -36570,14 +36504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Data Catalog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder cves: cve-2021-4104: investigated: false @@ -36600,16 +36533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. We strongly encourage customers who introduced their own - connectors to identify dependencies on Log4j 2 and update them to the latest - version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Data Fusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM cves: cve-2021-4104: investigated: false @@ -36632,17 +36562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options - to execute pipelines. Dataproc released new images on December 18, 2021 to address - the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow - instructions in a notification sent on December 18, 2021 with the subject line - “Important information about Data Fusion.” + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Database Migration Service (DMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR cves: cve-2021-4104: investigated: false @@ -36665,14 +36591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dataflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwicth Cloud in FortiLANCloud cves: cve-2021-4104: investigated: false @@ -36695,18 +36620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. If you have changed dependencies or default behavior, it - is strongly recommended you verify there is no dependency on vulnerable versions - Log4j 2. Customers have been provided details and instructions in a notification - sent on December 17, 2021 with the subject line “Update #1 to Important information - about Dataflow.”' + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: Dataproc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager cves: cve-2021-4104: investigated: false @@ -36729,16 +36649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities - in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions - in notifications sent on December 18, 2021 with the subject line “Important - information about Dataproc” with Dataproc documentation. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Dataproc Metastore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud cves: cve-2021-4104: investigated: false @@ -36761,17 +36678,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc Metastore has been updated to mitigate the issues identified in - CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent - two notifications with instructions on December 17, 2021 with the subject line - “Important information regarding Log4j 2 vulnerability in your gRPC-enabled - Dataproc Metastore.” + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Datastore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice cves: cve-2021-4104: investigated: false @@ -36794,14 +36707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Datastream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud cves: cve-2021-4104: investigated: false @@ -36824,14 +36736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dialogflow Essentials (ES) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX cves: cve-2021-4104: investigated: false @@ -36854,14 +36765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Document AI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: '' cves: cve-2021-4104: investigated: false @@ -36884,256 +36794,255 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Event Threat Detection + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Eventarc + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Filestore + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Log4j 2 is contained within the Filestore service; there is a technical - control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. - Log4j 2 will be updated to the latest version as part of the scheduled rollout - in January 2022. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Firebase + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Firestore + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Game Servers + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Google Cloud Armor + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Version 3 + - Version 4 cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Google Cloud Armor Managed Protection Plus + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Version 5 + - Version 6 cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Google Cloud VMware Engine + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: '' cves: cve-2021-4104: investigated: false @@ -37156,14 +37065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy - fixes as they become available. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-11T00:00:00' - - vendor: Google Cloud - product: Google Kubernetes Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FusionAuth + product: FusionAuth cves: cve-2021-4104: investigated: false @@ -37171,10 +37079,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '1.32' cve-2021-45046: investigated: false affected_versions: [] @@ -37186,17 +37095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the - issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have - introduced a separate logging solution that uses Log4j 2. We strongly encourage - customers who manage Google Kubernetes Engine environments to identify components - dependent on Log4j 2 and update them to the latest version. + - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Healthcare Data Engine (HDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GE Digital + product: All cves: cve-2021-4104: investigated: false @@ -37219,14 +37124,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Human-in-the-Loop AI + last_updated: '2021-12-22T00:00:00' + - vendor: GE Digital Grid + product: All cves: cve-2021-4104: investigated: false @@ -37249,14 +37154,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: IoT Core + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -37264,9 +37169,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37279,14 +37185,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Key Access Justifications (KAJ) + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -37294,8 +37201,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -37309,14 +37217,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Looker + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -37324,10 +37232,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -37339,21 +37281,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. - Looker is currently working with third-party driver vendors to evaluate the - impact of the Log4j vulnerability. As Looker does not enable logging for these - drivers in Looker-hosted instances, no messages are logged. We conclude that - the vulnerability is mitigated. We continue to actively work with the vendors - to deploy a fix for these drivers. Looker customers who self-manage their Looker - instances have received instructions through their technical contacts on how - to take the necessary steps to address the vulnerability. Looker customers who - have questions or require assistance, please visit Looker Support. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: Google Cloud - product: Media Translation API + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet cves: cve-2021-4104: investigated: false @@ -37361,9 +37296,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37376,14 +37312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Memorystore + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence cves: cve-2021-4104: investigated: false @@ -37391,9 +37326,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37406,14 +37342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Migrate for Anthos + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -37421,9 +37356,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37436,14 +37372,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Migrate for Compute Engine (M4CE) + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service cves: cve-2021-4104: investigated: false @@ -37451,9 +37386,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37466,17 +37402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. - A notification was sent to customers on December 17, 2021 with subject line - “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 - or below. If you are on M4CE v5.0 or above, no action is needed. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Network Connectivity Center + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter cves: cve-2021-4104: investigated: false @@ -37484,9 +37416,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37499,14 +37432,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Network Intelligence Center + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -37529,14 +37463,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Network Service Tiers + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: All cves: cve-2021-4104: investigated: false @@ -37559,14 +37493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Persistent Disk + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Genesys + product: All cves: cve-2021-4104: investigated: false @@ -37589,14 +37522,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Pub/Sub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoServer + product: All cves: cve-2021-4104: investigated: false @@ -37619,14 +37551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Google Cloud - product: Pub/Sub Lite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork cves: cve-2021-4104: investigated: false @@ -37634,9 +37565,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: All unaffected_versions: [] cve-2021-45046: investigated: false @@ -37649,17 +37580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Pub/Sub Lite environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Google Cloud - product: reCAPTCHA Enterprise + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer cves: cve-2021-4104: investigated: false @@ -37667,10 +37594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -37682,14 +37610,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Recommendations AI + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -37712,14 +37639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Retail Search + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -37742,14 +37668,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Risk Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect cves: cve-2021-4104: investigated: false @@ -37757,9 +37682,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -37772,14 +37698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Secret Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghidra + product: All cves: cve-2021-4104: investigated: false @@ -37802,14 +37727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Security Command Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander cves: cve-2021-4104: investigated: false @@ -37817,10 +37741,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37832,14 +37757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Service Directory + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -37847,9 +37771,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <5.13.01.02 unaffected_versions: [] cve-2021-45046: investigated: false @@ -37862,14 +37787,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Service Infrastructure + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -37877,9 +37802,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -37892,14 +37818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Speaker ID + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server cves: cve-2021-4104: investigated: false @@ -37907,9 +37832,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -37922,14 +37851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Speech-to-Text + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All cves: cve-2021-4104: investigated: false @@ -37937,10 +37865,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37952,14 +37881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Speech-to-Text On-Prem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -37967,10 +37895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37982,14 +37911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Storage Transfer Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning cves: cve-2021-4104: investigated: false @@ -37997,9 +37925,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38012,14 +37941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Talent Solution + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven cves: cve-2021-4104: investigated: false @@ -38027,9 +37955,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38042,14 +37971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Text-to-Speech + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS cves: cve-2021-4104: investigated: false @@ -38057,9 +37985,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38072,14 +38001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Transcoder API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST cves: cve-2021-4104: investigated: false @@ -38087,9 +38015,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38102,14 +38031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Transfer Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs cves: cve-2021-4104: investigated: false @@ -38117,9 +38045,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38132,14 +38061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Video Intelligence API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: All cves: cve-2021-4104: investigated: false @@ -38162,14 +38090,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Virtual Private Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents cves: cve-2021-4104: investigated: false @@ -38177,9 +38104,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38192,14 +38120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Web Security Scanner + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway cves: cve-2021-4104: investigated: false @@ -38207,9 +38134,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -38222,14 +38150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Workflows + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT cves: cve-2021-4104: investigated: false @@ -38237,9 +38164,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -38252,14 +38180,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Gradle - product: Gradle + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -38267,8 +38194,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -38282,13 +38210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.gradle.org/log4j-vulnerability - notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio cves: cve-2021-4104: investigated: false @@ -38297,9 +38225,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2021.3.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -38312,13 +38240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise Build Cache Node + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 cves: cve-2021-4104: investigated: false @@ -38327,10 +38255,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 10.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38342,13 +38270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise Test Distribution Agent + last_updated: '2021-12-18T00:00:00' + - vendor: GoCD + product: All cves: cve-2021-4104: investigated: false @@ -38356,9 +38284,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.6.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -38372,13 +38299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 + - https://www.gocd.org/2021/12/14/log4j-vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Grafana - product: '' + last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome cves: cve-2021-4104: investigated: false @@ -38386,12 +38313,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -38401,13 +38329,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ - notes: '' + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Grandstream - product: '' + last_updated: '2022-01-14' + - vendor: Google Cloud + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -38415,10 +38344,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38430,13 +38360,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Actifio cves: cve-2021-4104: investigated: false @@ -38448,7 +38379,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38460,13 +38391,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -38478,7 +38412,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38490,13 +38424,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -38508,7 +38443,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38520,13 +38455,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -38538,7 +38474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38550,13 +38486,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos cves: cve-2021-4104: investigated: false @@ -38568,7 +38505,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38580,13 +38517,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Anthos environments to identify components dependent on Log4j 2 and update them + to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Config Management cves: cve-2021-4104: investigated: false @@ -38598,7 +38539,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38610,13 +38551,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Cockpit + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Connect cves: cve-2021-4104: investigated: false @@ -38628,7 +38570,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38640,13 +38582,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Hub cves: cve-2021-4104: investigated: false @@ -38654,10 +38597,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38669,13 +38613,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Identity Service cves: cve-2021-4104: investigated: false @@ -38683,10 +38628,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38698,13 +38644,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Graylog - product: Graylog Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos on VMWare cves: cve-2021-4104: investigated: false @@ -38713,10 +38660,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38728,13 +38675,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GreenShot - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -38742,10 +38694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38757,13 +38710,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://greenshot.atlassian.net/browse/BUG-2871 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GSA - product: Cloud.gov + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -38771,10 +38725,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38786,13 +38741,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Guidewire - product: '' + - vendor: Google Cloud + product: Apigee cves: cve-2021-4104: investigated: false @@ -38800,10 +38756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38815,13 +38772,19 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not + used and therefore the VMs were not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. + It is possible that customers may have introduced custom resources that are + using vulnerable versions of Log4j. We strongly encourage customers who manage + Apigee environments to identify components dependent on Log4j and update them + to the latest version. Visit the Apigee Incident Report for more information. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HAProxy - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Google Cloud + product: App Engine cves: cve-2021-4104: investigated: false @@ -38829,10 +38792,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38844,13 +38808,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + App Engine environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HarmanPro AMX - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AppSheet cves: cve-2021-4104: investigated: false @@ -38858,10 +38826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38873,13 +38842,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.harmanpro.com/apache-log4j-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At + this time, we have identified no impact to core AppSheet functionality. Additionally, + we have patched one Java-based auxiliary service in our platform. We will continue + to monitor for affected services and patch or remediate as required. If you + have any questions or require assistance, contact AppSheet Support. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Boundary + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Artifact Registry cves: cve-2021-4104: investigated: false @@ -38887,10 +38860,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38902,13 +38876,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Consul + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Assured Workloads cves: cve-2021-4104: investigated: false @@ -38916,10 +38891,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38931,13 +38907,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Consul Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML cves: cve-2021-4104: investigated: false @@ -38945,10 +38922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38960,13 +38938,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Nomad + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Natural Language cves: cve-2021-4104: investigated: false @@ -38974,10 +38953,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38989,13 +38969,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Nomad Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Tables cves: cve-2021-4104: investigated: false @@ -39003,10 +38984,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39018,13 +39000,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Packer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Translation cves: cve-2021-4104: investigated: false @@ -39032,10 +39015,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39047,13 +39031,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Terraform + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Video cves: cve-2021-4104: investigated: false @@ -39061,10 +39046,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39076,13 +39062,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Terraform Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: AutoML Vision cves: cve-2021-4104: investigated: false @@ -39090,10 +39077,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39105,13 +39093,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vagrant + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: BigQuery cves: cve-2021-4104: investigated: false @@ -39119,10 +39108,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39134,13 +39124,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vault + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: BigQuery Data Transfer Service cves: cve-2021-4104: investigated: false @@ -39148,10 +39139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39163,13 +39155,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vault Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: BigQuery Omni cves: cve-2021-4104: investigated: false @@ -39177,10 +39170,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39192,13 +39186,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use + Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. + We continue to work with AWS and Azure to assess the situation. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Waypoint + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Binary Authorization cves: cve-2021-4104: investigated: false @@ -39206,10 +39202,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39221,13 +39218,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HCL Software - product: BigFix Compliance + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -39239,7 +39237,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39251,13 +39249,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Chronicle cves: cve-2021-4104: investigated: false @@ -39269,7 +39268,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39281,13 +39280,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights for Vulnerability Remediation + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Asset Inventory cves: cve-2021-4104: investigated: false @@ -39299,7 +39299,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39311,13 +39311,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Inventory + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Bigtable cves: cve-2021-4104: investigated: false @@ -39327,9 +39328,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 10.0.7 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39341,13 +39342,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Lifecycle + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud Build cves: cve-2021-4104: investigated: false @@ -39359,7 +39361,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39371,13 +39373,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Build environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Mobile + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud CDN cves: cve-2021-4104: investigated: false @@ -39389,7 +39395,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39401,13 +39407,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Patch + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Composer cves: cve-2021-4104: investigated: false @@ -39419,7 +39426,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39431,13 +39438,19 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and + is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible + that customers may have imported or introduced other dependencies via DAGs, + installed PyPI modules, plugins, or other services that are using vulnerable + versions of Log4j 2. We strongly encourage customers, who manage Composer environments + to identify components dependent on Log4j 2 and update them to the latest version. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: HelpSystems Clearswift - product: '' + - vendor: Google Cloud + product: Cloud Console App cves: cve-2021-4104: investigated: false @@ -39445,10 +39458,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39460,13 +39474,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HENIX - product: Squash TM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false @@ -39476,11 +39491,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 1.21.7-1.22.9 - - 2.0.3-2.1.5 - - 2.2.0-3.0.2 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39492,13 +39505,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Hexagon - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -39506,10 +39520,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39521,13 +39536,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hikvision - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -39535,10 +39551,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39550,13 +39567,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hitachi Energy - product: 3rd party - Elastic Search, Kibana + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -39566,9 +39584,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Elasticsearch 5.0.0+ - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39580,14 +39598,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node - of the cluster. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Endpoints cves: cve-2021-4104: investigated: false @@ -39597,11 +39615,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '12.1' - - '12.2' - - 19c - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39613,15 +39629,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Axis + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud External Key Manager (EKM) cves: cve-2021-4104: investigated: false @@ -39631,9 +39646,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '3.6' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39645,14 +39660,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. Axis is a fully SaaS hosted solution - and the environment has been patched per the recommendations + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Counterparty Settlement and Billing (CSB) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Functions cves: cve-2021-4104: investigated: false @@ -39662,9 +39677,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39676,13 +39691,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Functions environments to identify components dependent on Log4j 2 and + update them to the latest version. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: e-Mesh Monitor + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Hardware Security Module (HSM) cves: cve-2021-4104: investigated: false @@ -39690,10 +39709,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39705,16 +39725,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud - offering side of which the remediation is handled by Hitachi Energy team. Remediation - is currently ongoing, and during this time period, e-Mesh Monitor edge device - is not able to upload data to cloud. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: eSOMS + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -39722,10 +39740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39737,13 +39756,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -39753,12 +39773,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39770,16 +39787,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For - details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi - Energy Customer Connect Portal. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Key Management Service cves: cve-2021-4104: investigated: false @@ -39789,9 +39804,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R11A and R10 series - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39803,14 +39818,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM On-premises + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Load Balancing cves: cve-2021-4104: investigated: false @@ -39818,10 +39833,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39833,13 +39849,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM SaaS offering + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Logging cves: cve-2021-4104: investigated: false @@ -39847,10 +39864,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39862,14 +39880,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada EAM / FSM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -39879,11 +39897,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v1.7.x - - v1.8.x - - v1.9.x - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39895,13 +39911,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See Section Mitigation Strategy in vendor advisory. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: MMS Internal facing subcomponent. + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false @@ -39909,10 +39926,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39924,13 +39942,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager ADMS Network Model Server + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Profiler cves: cve-2021-4104: investigated: false @@ -39940,9 +39959,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 9.1.0.32-9.1.0.44 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39954,13 +39973,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Router cves: cve-2021-4104: investigated: false @@ -39970,11 +39990,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 9.0-9.10.44 - - 9.1.1 - - 10.3.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39986,13 +40004,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: nMarket Global I-SEM + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Run cves: cve-2021-4104: investigated: false @@ -40002,10 +40021,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 3.7.15 - - 3.7.16 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40017,13 +40035,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: RelCare + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Run for Anthos cves: cve-2021-4104: investigated: false @@ -40033,9 +40055,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2.0.0 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40047,14 +40069,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The RelCare SaaS hosted solution and - the on-premises have been patched per the recommendations. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run for Anthos environments to identify components dependent on Log4j + 2 and update them to the latest version. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -40064,12 +40089,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40081,16 +40103,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details - on how to apply such patch, please refer to the technical bulletin “UNEM - Installation - of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer - Connect Portal. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -40100,9 +40120,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R11A and R10 series - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40114,14 +40134,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Vantara - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -40129,10 +40149,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40144,13 +40165,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false @@ -40158,10 +40183,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40173,13 +40199,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -40187,10 +40214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40202,13 +40230,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Windows software + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -40216,10 +40245,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40231,13 +40261,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud Storage cves: cve-2021-4104: investigated: false @@ -40245,10 +40276,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40260,13 +40292,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Tasks cves: cve-2021-4104: investigated: false @@ -40274,10 +40307,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40289,13 +40323,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Trace cves: cve-2021-4104: investigated: false @@ -40303,10 +40338,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40318,15 +40354,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Traffic Director cves: cve-2021-4104: investigated: false @@ -40334,10 +40369,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40349,13 +40385,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + - vendor: Google Cloud + product: Cloud Translation cves: cve-2021-4104: investigated: false @@ -40363,10 +40400,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40378,13 +40416,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -40392,10 +40431,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40407,13 +40447,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -40421,10 +40462,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40436,13 +40478,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -40450,10 +40493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40465,13 +40509,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + - vendor: Google Cloud + product: CompilerWorks cves: cve-2021-4104: investigated: false @@ -40479,10 +40524,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40494,16 +40540,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + - vendor: Google Cloud + product: Compute Engine cves: cve-2021-4104: investigated: false @@ -40511,10 +40555,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40526,13 +40571,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, + we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes + to Google Cloud VMware Engine as they become available. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + - vendor: Google Cloud + product: Contact Center AI (CCAI) cves: cve-2021-4104: investigated: false @@ -40540,10 +40588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40555,13 +40604,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Contact Center AI Insights cves: cve-2021-4104: investigated: false @@ -40569,10 +40619,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40584,13 +40635,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Container Registry cves: cve-2021-4104: investigated: false @@ -40598,10 +40650,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40613,13 +40666,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -40627,10 +40681,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40642,13 +40697,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. We strongly encourage customers who introduced their own + connectors to identify dependencies on Log4j 2 and update them to the latest + version. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + - vendor: Google Cloud + product: Data Fusion cves: cve-2021-4104: investigated: false @@ -40656,10 +40714,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40671,13 +40730,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options + to execute pipelines. Dataproc released new images on December 18, 2021 to address + the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow + instructions in a notification sent on December 18, 2021 with the subject line + “Important information about Data Fusion.” references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + - vendor: Google Cloud + product: Database Migration Service (DMS) cves: cve-2021-4104: investigated: false @@ -40685,10 +40748,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40700,13 +40764,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dataflow cves: cve-2021-4104: investigated: false @@ -40714,10 +40779,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40729,13 +40795,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. If you have changed dependencies or default behavior, it + is strongly recommended you verify there is no dependency on vulnerable versions + Log4j 2. Customers have been provided details and instructions in a notification + sent on December 17, 2021 with the subject line “Update #1 to Important information + about Dataflow.”' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2021-12-17T00:00:00' + - vendor: Google Cloud + product: Dataproc cves: cve-2021-4104: investigated: false @@ -40743,10 +40814,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40758,15 +40830,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities + in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions + in notifications sent on December 18, 2021 with the subject line “Important + information about Dataproc” with Dataproc documentation. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + - vendor: Google Cloud + product: Dataproc Metastore cves: cve-2021-4104: investigated: false @@ -40774,10 +40847,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40789,13 +40863,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc Metastore has been updated to mitigate the issues identified in + CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent + two notifications with instructions on December 17, 2021 with the subject line + “Important information regarding Log4j 2 vulnerability in your gRPC-enabled + Dataproc Metastore.” references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Honeywell - product: '' + - vendor: Google Cloud + product: Datastore cves: cve-2021-4104: investigated: false @@ -40803,10 +40881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40818,13 +40897,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Datastream cves: cve-2021-4104: investigated: false @@ -40834,9 +40914,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < v113 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40848,13 +40928,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dialogflow Essentials (ES) cves: cve-2021-4104: investigated: false @@ -40864,9 +40945,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.0.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40878,13 +40959,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Document AI cves: cve-2021-4104: investigated: false @@ -40894,9 +40976,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 21.10.3 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40908,13 +40990,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Event Threat Detection cves: cve-2021-4104: investigated: false @@ -40924,10 +41007,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 21.03.6 - - < 20.07.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40939,13 +41021,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Eventarc cves: cve-2021-4104: investigated: false @@ -40953,10 +41036,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40968,13 +41052,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Filestore cves: cve-2021-4104: investigated: false @@ -40982,10 +41067,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40997,13 +41083,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Log4j 2 is contained within the Filestore service; there is a technical + control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. + Log4j 2 will be updated to the latest version as part of the scheduled rollout + in January 2022. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firebase cves: cve-2021-4104: investigated: false @@ -41011,10 +41100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41026,13 +41116,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firestore cves: cve-2021-4104: investigated: false @@ -41040,10 +41131,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41055,13 +41147,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Game Servers cves: cve-2021-4104: investigated: false @@ -41069,10 +41162,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41084,13 +41178,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor cves: cve-2021-4104: investigated: false @@ -41098,10 +41193,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41113,13 +41209,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor Managed Protection Plus cves: cve-2021-4104: investigated: false @@ -41127,10 +41224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41142,13 +41240,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud VMware Engine cves: cve-2021-4104: investigated: false @@ -41156,10 +41255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41171,13 +41271,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy + fixes as they become available. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2021-12-11T00:00:00' + - vendor: Google Cloud + product: Google Kubernetes Engine cves: cve-2021-4104: investigated: false @@ -41185,10 +41286,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41200,13 +41302,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the + issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have + introduced a separate logging solution that uses Log4j 2. We strongly encourage + customers who manage Google Kubernetes Engine environments to identify components + dependent on Log4j 2 and update them to the latest version. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Healthcare Data Engine (HDE) cves: cve-2021-4104: investigated: false @@ -41214,10 +41320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41229,13 +41336,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Human-in-the-Loop AI cves: cve-2021-4104: investigated: false @@ -41243,10 +41351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41258,13 +41367,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: IoT Core cves: cve-2021-4104: investigated: false @@ -41272,10 +41382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41287,13 +41398,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Key Access Justifications (KAJ) cves: cve-2021-4104: investigated: false @@ -41301,10 +41413,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41316,13 +41429,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Looker cves: cve-2021-4104: investigated: false @@ -41330,10 +41444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41345,13 +41460,21 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + Looker is currently working with third-party driver vendors to evaluate the + impact of the Log4j vulnerability. As Looker does not enable logging for these + drivers in Looker-hosted instances, no messages are logged. We conclude that + the vulnerability is mitigated. We continue to actively work with the vendors + to deploy a fix for these drivers. Looker customers who self-manage their Looker + instances have received instructions through their technical contacts on how + to take the necessary steps to address the vulnerability. Looker customers who + have questions or require assistance, please visit Looker Support. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2021-12-18T00:00:00' + - vendor: Google Cloud + product: Media Translation API cves: cve-2021-4104: investigated: false @@ -41359,10 +41482,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41374,13 +41498,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Memorystore cves: cve-2021-4104: investigated: false @@ -41388,10 +41513,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41403,13 +41529,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Migrate for Anthos cves: cve-2021-4104: investigated: false @@ -41417,10 +41544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41432,13 +41560,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Migrate for Compute Engine (M4CE) cves: cve-2021-4104: investigated: false @@ -41446,10 +41575,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41461,13 +41591,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. + A notification was sent to customers on December 17, 2021 with subject line + “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 + or below. If you are on M4CE v5.0 or above, no action is needed. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Network Connectivity Center cves: cve-2021-4104: investigated: false @@ -41475,10 +41609,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41490,13 +41625,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: BladeSystem Onboard Administrator + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Intelligence Center cves: cve-2021-4104: investigated: false @@ -41504,10 +41640,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41519,13 +41656,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Service Tiers cves: cve-2021-4104: investigated: false @@ -41533,10 +41671,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41548,13 +41687,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Persistent Disk cves: cve-2021-4104: investigated: false @@ -41562,10 +41702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41577,13 +41718,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Pub/Sub cves: cve-2021-4104: investigated: false @@ -41591,10 +41733,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41606,13 +41749,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade Network Advisor + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: Pub/Sub Lite cves: cve-2021-4104: investigated: false @@ -41620,10 +41764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41635,13 +41780,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Pub/Sub Lite environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudAuth + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: reCAPTCHA Enterprise cves: cve-2021-4104: investigated: false @@ -41649,10 +41798,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41664,13 +41814,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudPhysics + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Recommendations AI cves: cve-2021-4104: investigated: false @@ -41678,10 +41829,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41693,13 +41845,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute Cloud Console + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Retail Search cves: cve-2021-4104: investigated: false @@ -41707,10 +41860,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41722,13 +41876,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Risk Manager cves: cve-2021-4104: investigated: false @@ -41736,10 +41891,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41751,13 +41907,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: COS (Cray Operating System) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Secret Manager cves: cve-2021-4104: investigated: false @@ -41765,10 +41922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41780,13 +41938,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Cray Systems Management (CSM) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Security Command Center cves: cve-2021-4104: investigated: false @@ -41794,10 +41953,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41809,13 +41969,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Directory cves: cve-2021-4104: investigated: false @@ -41823,10 +41984,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41838,13 +42000,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Data Services Cloud Console + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Infrastructure cves: cve-2021-4104: investigated: false @@ -41852,10 +42015,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41867,13 +42031,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Harmony Data Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speaker ID cves: cve-2021-4104: investigated: false @@ -41881,10 +42046,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41896,13 +42062,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text cves: cve-2021-4104: investigated: false @@ -41910,10 +42077,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41925,13 +42093,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text On-Prem cves: cve-2021-4104: investigated: false @@ -41939,10 +42108,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41954,13 +42124,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Storage Transfer Service cves: cve-2021-4104: investigated: false @@ -41968,10 +42139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41983,13 +42155,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Talent Solution cves: cve-2021-4104: investigated: false @@ -41997,10 +42170,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42012,13 +42186,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Text-to-Speech cves: cve-2021-4104: investigated: false @@ -42026,10 +42201,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42041,13 +42217,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transcoder API cves: cve-2021-4104: investigated: false @@ -42055,10 +42232,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42070,13 +42248,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transfer Appliance cves: cve-2021-4104: investigated: false @@ -42084,10 +42263,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42099,13 +42279,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Video Intelligence API cves: cve-2021-4104: investigated: false @@ -42113,10 +42294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42128,13 +42310,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Virtual Private Cloud cves: cve-2021-4104: investigated: false @@ -42142,10 +42325,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42157,13 +42341,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Web Security Scanner cves: cve-2021-4104: investigated: false @@ -42171,10 +42356,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42186,13 +42372,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Workflows cves: cve-2021-4104: investigated: false @@ -42200,10 +42387,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42215,13 +42403,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Infosight for Servers + last_updated: '2021-12-21T00:00:00' + - vendor: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -42229,10 +42418,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42244,13 +42434,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://blog.gradle.org/log4j-vulnerability + notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise cves: cve-2021-4104: investigated: false @@ -42258,9 +42448,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42273,13 +42464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://security.gradle.com/advisory/2021-11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Messaging (IM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Build Cache Node cves: cve-2021-4104: investigated: false @@ -42287,9 +42478,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42302,13 +42494,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://security.gradle.com/advisory/2021-11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Network Server (INS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Test Distribution Agent cves: cve-2021-4104: investigated: false @@ -42316,9 +42508,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42331,13 +42524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://security.gradle.com/advisory/2021-11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grafana + product: All cves: cve-2021-4104: investigated: false @@ -42345,10 +42538,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42360,13 +42554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grandstream + product: All cves: cve-2021-4104: investigated: false @@ -42389,13 +42583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -42403,10 +42597,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -42418,13 +42613,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -42432,10 +42627,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -42447,13 +42643,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Controller (OCSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -42461,10 +42657,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -42476,13 +42673,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -42490,10 +42687,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -42505,13 +42703,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OneView + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management cves: cve-2021-4104: investigated: false @@ -42519,10 +42717,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -42534,13 +42733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management cves: cve-2021-4104: investigated: false @@ -42548,10 +42747,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -42563,13 +42763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView Global Dashboard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Cockpit cves: cve-2021-4104: investigated: false @@ -42577,10 +42777,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -42592,13 +42793,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -42606,10 +42807,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42621,13 +42823,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Performance Manager (PM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -42635,9 +42837,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42650,13 +42856,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Position Determination Entity (PDE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: Graylog Server cves: cve-2021-4104: investigated: false @@ -42664,9 +42872,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions >= 1.2.0 and <= 4.2.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42679,13 +42888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Secure Identity Broker (SIB) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GreenShot + product: All cves: cve-2021-4104: investigated: false @@ -42693,10 +42902,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -42708,13 +42918,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' - references: + - https://greenshot.atlassian.net/browse/BUG-2871 + notes: '' + references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Activator (SA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GSA + product: Cloud.gov cves: cve-2021-4104: investigated: false @@ -42737,13 +42947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Governance Framework (SGF) + last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All cves: cve-2021-4104: investigated: false @@ -42751,9 +42961,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.1.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42766,13 +42977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Guidewire + product: All cves: cve-2021-4104: investigated: false @@ -42795,13 +43006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Provisioner (SP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HAProxy + product: '' cves: cve-2021-4104: investigated: false @@ -42824,13 +43035,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HarmanPro AMX + product: '' cves: cve-2021-4104: investigated: false @@ -42853,13 +43064,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.harmanpro.com/apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Slingshot + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Boundary cves: cve-2021-4104: investigated: false @@ -42882,13 +43093,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Smart Interaction Server (SIS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul cves: cve-2021-4104: investigated: false @@ -42911,13 +43122,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul Enterprise cves: cve-2021-4104: investigated: false @@ -42940,13 +43151,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad cves: cve-2021-4104: investigated: false @@ -42969,13 +43180,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad Enterprise cves: cve-2021-4104: investigated: false @@ -42998,13 +43209,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Packer cves: cve-2021-4104: investigated: false @@ -43027,13 +43238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform cves: cve-2021-4104: investigated: false @@ -43056,13 +43267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform Enterprise cves: cve-2021-4104: investigated: false @@ -43085,13 +43296,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vagrant cves: cve-2021-4104: investigated: false @@ -43114,13 +43325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault cves: cve-2021-4104: investigated: false @@ -43143,13 +43354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Subscription Manager (SM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault Enterprise cves: cve-2021-4104: investigated: false @@ -43172,13 +43383,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Synergy Image Streamer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Waypoint cves: cve-2021-4104: investigated: false @@ -43201,13 +43412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Systems Insight Manager (SIM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HCL Software + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -43215,10 +43426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -43230,13 +43442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Telecom Application Server (TAS) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights cves: cve-2021-4104: investigated: false @@ -43244,10 +43456,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -43259,13 +43472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights for Vulnerability Remediation cves: cve-2021-4104: investigated: false @@ -43273,10 +43486,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -43288,13 +43502,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -43302,9 +43516,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43317,13 +43532,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified OSS Console (UOC) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Lifecycle cves: cve-2021-4104: investigated: false @@ -43331,10 +43546,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -43346,13 +43562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Topology Manager (UTM) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Mobile cves: cve-2021-4104: investigated: false @@ -43360,10 +43576,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -43375,13 +43592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Universal Identity Repository (VIR) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Patch cves: cve-2021-4104: investigated: false @@ -43389,10 +43606,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -43404,13 +43622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + last_updated: '2021-12-15T00:00:00' + - vendor: HelpSystems Clearswift + product: '' cves: cve-2021-4104: investigated: false @@ -43433,13 +43651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Virtual Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HENIX + product: Squash TM cves: cve-2021-4104: investigated: false @@ -43447,9 +43665,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43462,13 +43683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + last_updated: '2021-12-23T00:00:00' + - vendor: Hexagon + product: '' cves: cve-2021-4104: investigated: false @@ -43491,13 +43712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hikvision + product: '' cves: cve-2021-4104: investigated: false @@ -43520,13 +43741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Virtual Server Environment (VSE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: 3rd party - Elastic Search, Kibana cves: cve-2021-4104: investigated: false @@ -43534,9 +43755,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -43549,13 +43771,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node + of the cluster. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components cves: cve-2021-4104: investigated: false @@ -43563,9 +43786,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c unaffected_versions: [] cve-2021-45046: investigated: false @@ -43578,13 +43804,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Axis cves: cve-2021-4104: investigated: false @@ -43592,9 +43820,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -43607,13 +43836,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. Axis is a fully SaaS hosted solution + and the environment has been patched per the recommendations references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Counterparty Settlement and Billing (CSB) cves: cve-2021-4104: investigated: false @@ -43621,9 +43851,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43636,13 +43867,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Insight Cluster Management Utility (CMU) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: e-Mesh Monitor cves: cve-2021-4104: investigated: false @@ -43665,13 +43896,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud + offering side of which the remediation is handled by Hitachi Energy team. Remediation + is currently ongoing, and during this time period, e-Mesh Monitor edge device + is not able to upload data to cloud. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: eSOMS cves: cve-2021-4104: investigated: false @@ -43694,13 +43928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN cves: cve-2021-4104: investigated: false @@ -43710,9 +43944,12 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '4' + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -43724,13 +43961,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For + details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN + - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi + Energy Customer Connect Portal. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN cves: cve-2021-4104: investigated: false @@ -43740,9 +43980,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '5' + fixed_versions: + - R11A and R10 series + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -43754,13 +43994,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false @@ -43783,13 +44024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions for various versions. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity Rx2800/Rx2900 + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -43812,13 +44053,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity Superdome 2 + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada EAM / FSM cves: cve-2021-4104: investigated: false @@ -43826,9 +44068,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -43841,13 +44086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See Section Mitigation Strategy in vendor advisory. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Integrity Superdome X + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: MMS Internal facing subcomponent. cves: cve-2021-4104: investigated: false @@ -43870,13 +44115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Intelligent Provisioning + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager ADMS Network Model Server cves: cve-2021-4104: investigated: false @@ -43884,9 +44129,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43899,13 +44145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: iSUT integrated smart update tool + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -43913,9 +44159,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43928,13 +44177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Maven Artifacts (Atlas) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: nMarket Global I-SEM cves: cve-2021-4104: investigated: false @@ -43942,9 +44191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43957,13 +44208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: MSA + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: RelCare cves: cve-2021-4104: investigated: false @@ -43971,9 +44222,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43986,13 +44238,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The RelCare SaaS hosted solution and + the on-premises have been patched per the recommendations. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: NetEdit + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM cves: cve-2021-4104: investigated: false @@ -44000,9 +44253,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44015,13 +44272,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details + on how to apply such patch, please refer to the technical bulletin “UNEM - Installation + of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer + Connect Portal. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Nimble Storage + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM cves: cve-2021-4104: investigated: false @@ -44029,9 +44289,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -44044,13 +44305,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Vantara + product: '' cves: cve-2021-4104: investigated: false @@ -44073,13 +44335,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HMS Industrial Networks AB + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -44102,13 +44364,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: OfficeConnect + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -44131,13 +44393,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Primera Storage + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Windows software cves: cve-2021-4104: investigated: false @@ -44160,13 +44422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false @@ -44189,13 +44451,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -44203,7 +44465,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -44218,13 +44480,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: RESTful Interface Tool (iLOREST) + last_updated: '2022-01-05T00:00:00' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -44247,13 +44509,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SAT (System Admin Toolkit) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -44276,13 +44540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -44305,13 +44569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI MC990 X Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -44334,13 +44598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI UV 2000 Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -44363,13 +44627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -44392,13 +44656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SGI UV 3000 Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -44421,13 +44685,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SN8700B 8-Slot Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -44450,13 +44717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEasy + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false @@ -44479,13 +44746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEver CVTL + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -44508,13 +44775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEver LTO Tape Drives + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -44537,13 +44804,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreEver MSL Tape Libraries + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false @@ -44566,13 +44833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: StoreOnce + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -44595,13 +44862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: SUM (Smart Update Manager) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -44624,13 +44891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Superdome Flex 280 + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -44653,13 +44920,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Superdome Flex Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -44682,13 +44949,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: UAN (User Access Node) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -44711,42 +44980,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' - references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '9.09' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-17T00:00:00' - - vendor: Huawei + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell product: '' cves: cve-2021-4104: @@ -44770,13 +45009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hubspot - product: '' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -44784,9 +45023,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44799,13 +45039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: I-Net software - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -44813,9 +45053,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44828,13 +45069,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: I2P - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -44842,9 +45083,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.10.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44857,13 +45099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBA-AG - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager cves: cve-2021-4104: investigated: false @@ -44871,9 +45113,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -44886,13 +45130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.iba-ag.com/en/security + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ibexa - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -44915,13 +45159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Analytics Engine + last_updated: '2021-12-17T00:00:00' + - vendor: HPE + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -44944,13 +45188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Configuration + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -44973,13 +45217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Connect + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -45002,13 +45246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App ID + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -45031,13 +45275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Application Gateway + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -45060,13 +45304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -45089,13 +45333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Endpoint + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -45118,13 +45362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Enterprise + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -45147,13 +45391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera fasp.io + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -45176,13 +45420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Bare Metal Servers + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -45205,13 +45449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: BigFix Compliance + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -45233,44 +45477,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: BigFix Inventory - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Block Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -45293,13 +45507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -45322,13 +45536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage Snapshots for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -45351,13 +45565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Case Manager + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -45380,13 +45594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Certificate Manager + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -45409,13 +45623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Client VPN for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -45438,13 +45652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Activity Tracker + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -45467,13 +45681,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Backup + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -45496,13 +45710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Monitoring + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -45525,13 +45739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -45554,13 +45768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -45583,13 +45797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloudant + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -45612,13 +45826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Code Engine + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -45641,13 +45855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Command Center + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -45670,43 +45884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Controller - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 10.4.2 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ibm.com/support/pages/node/6526468> - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Integration Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -45729,13 +45913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose Enterprise + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -45758,13 +45942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Elasticsearch + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -45787,13 +45971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -45816,13 +46000,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -45845,13 +46029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MySQL + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -45874,13 +46058,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for PostgreSQL + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -45903,13 +46087,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RabbitMQ + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -45932,13 +46116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Redis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -45961,13 +46145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RethinkDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -45990,13 +46174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for ScyllaDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -46019,13 +46203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Registry + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -46048,13 +46232,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Security Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -46077,13 +46261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Content Delivery Network + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -46106,13 +46290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Continuous Delivery + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -46135,13 +46319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Copy Services Manager + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -46164,13 +46348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for DataStax + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -46193,13 +46377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for EDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -46222,13 +46406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Elasticsearch + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -46251,13 +46435,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -46280,13 +46464,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for MongoDB + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -46309,13 +46493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for PostgreSQL + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false @@ -46338,13 +46522,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Redis + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -46367,13 +46551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Datapower Gateway + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -46396,13 +46580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Dedicated Host for VPC + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) cves: cve-2021-4104: investigated: false @@ -46425,13 +46609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Access Controller (OC SAC) cves: cve-2021-4104: investigated: false @@ -46454,13 +46638,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect on Classic + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Controller (OCSC) cves: cve-2021-4104: investigated: false @@ -46483,13 +46667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated (2.0) + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Universal Signaling Platform (OC-USP-M) cves: cve-2021-4104: investigated: false @@ -46512,13 +46696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated Hosting on Classic + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -46541,13 +46725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -46570,13 +46754,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Exchange on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -46599,13 +46783,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: DNS Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -46628,13 +46812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Contract Management + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -46657,13 +46841,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Program Management + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -46686,13 +46870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Sourcing + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false @@ -46715,13 +46899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Spend Analysis + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -46744,13 +46928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Supplier Lifecycle Management + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -46773,13 +46957,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Enterprise Tape Controller Model C07 (3592) (ETC) + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -46802,13 +46986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Notifications + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -46831,13 +47015,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Streams + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -46860,13 +47044,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: File Storage + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -46889,13 +47073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flash System 900 (& 840) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false @@ -46918,13 +47102,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flow Logs for VPC + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -46947,13 +47131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Functions + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -46976,13 +47160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: GSKit + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -47005,13 +47189,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for Data Sets on z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -47034,13 +47218,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for DB2 on z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -47063,13 +47247,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for IMS on z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -47092,13 +47276,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Crypto Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -47121,13 +47305,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect DBaaS for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -47150,13 +47334,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect DBaaS for PostgreSQL + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -47179,13 +47363,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Virtual Server + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -47208,13 +47392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: i2 Analyst’s Notebook + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -47237,13 +47421,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: i2 Base + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false @@ -47266,13 +47450,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Application Runtime Expert for i + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -47295,13 +47479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Backup, Recovery and Media Services for i + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -47324,13 +47508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Db2 Mirror for i + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -47353,13 +47537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM HTTP Server + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -47382,13 +47566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM i Access Family + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false @@ -47411,13 +47595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM i Portfolio of products under the Group SWMA + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -47440,13 +47624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM PowerHA System Mirror for i + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -47469,13 +47653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct Browser User Interface + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -47498,13 +47682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct File Agent + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -47512,9 +47696,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Vendor Links + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -47528,15 +47711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), - [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), - [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' - last_updated: '2021-12-20T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct for HP NonStop + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -47559,13 +47740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct for i5/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -47588,13 +47769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Direct for OpenVMS + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false @@ -47617,13 +47798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Express for Microsoft Windows + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -47646,13 +47827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Express for UNIX + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -47675,13 +47856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Sterling Connect:Express for z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -47704,13 +47885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Instana Agent + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -47719,10 +47900,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Timestamp lower than 12-11-2021 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -47734,13 +47915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: IBM - product: Internet Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -47748,10 +47929,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] @@ -47763,13 +47945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Key Lifecycle Manager for z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -47792,13 +47974,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Key Protect + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -47821,13 +48003,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Knowledge Studio + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -47850,13 +48032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Kubernetes Service + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -47879,13 +48061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Load Balancer for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -47908,13 +48090,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Log Analysis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -47937,13 +48119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Managed VMware Service + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -47966,13 +48148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Management Extender for VMware vCenter + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: MSA cves: cve-2021-4104: investigated: false @@ -47994,13 +48176,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Mass Data Migration + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NetEdit cves: cve-2021-4104: investigated: false @@ -48023,13 +48206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Maximo EAM SaaS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Nimble Storage cves: cve-2021-4104: investigated: false @@ -48052,13 +48235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Message Hub + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -48081,13 +48264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: MQ Appliance + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -48110,13 +48293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: MQ on IBM Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -48139,13 +48322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Natural Language Understanding + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -48168,13 +48351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: OmniFind Text Search Server for DB2 for i + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -48197,13 +48380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: OPENBMC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Resource Aggregator for Open Distributed Infrastructure Management cves: cve-2021-4104: investigated: false @@ -48211,7 +48394,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -48226,13 +48409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Planning Analytics Workspace + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -48240,9 +48423,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>2.0.57' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -48256,13 +48438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525700 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Power HMC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -48270,9 +48452,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - V9.2.950.0 & V10.1.1010.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -48286,13 +48467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: PowerSC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false @@ -48315,13 +48496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: PowerVM Hypervisor + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -48344,13 +48525,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: PowerVM VIOS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false @@ -48373,13 +48554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: QRadar Advisor + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -48402,13 +48583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Qradar Network Threat Analytics + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -48431,13 +48612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: QRadar SIEM + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -48460,13 +48641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Quantum Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -48489,13 +48670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Rational Developer for AIX and Linux + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -48518,13 +48699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Rational Developer for i + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false @@ -48547,13 +48728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Red Hat OpenShift on IBM Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -48576,13 +48757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Resilient + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -48604,13 +48785,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Robotic Process Automation + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false @@ -48633,13 +48815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: SAN Volume Controller and Storwize Family + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -48662,13 +48844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Satellite Infrastructure Service + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -48691,13 +48873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Schematics + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false @@ -48720,13 +48902,72 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.09' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003243 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' + - vendor: Huawei + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Secrets Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hubspot + product: '' cves: cve-2021-4104: investigated: false @@ -48749,13 +48990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Secure Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I-Net software + product: '' cves: cve-2021-4104: investigated: false @@ -48778,13 +49019,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Server Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I2P + product: '' cves: cve-2021-4104: investigated: false @@ -48806,13 +49047,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Spectrum Archive Library Edition + - vendor: IBA-AG + product: '' cves: cve-2021-4104: investigated: false @@ -48835,13 +49077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.iba-ag.com/en/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Spectrum Discover + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ibexa + product: '' cves: cve-2021-4104: investigated: false @@ -48864,13 +49106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Spectrum Protect Client Management Service + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -48899,7 +49141,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for Oracle' + product: App Configuration cves: cve-2021-4104: investigated: false @@ -48928,7 +49170,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for SQL' + product: App Connect cves: cve-2021-4104: investigated: false @@ -48957,7 +49199,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for Enterprise Resource Planning + product: App ID cves: cve-2021-4104: investigated: false @@ -48986,7 +49228,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Domino' + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -49015,7 +49257,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Exchange' + product: Aspera cves: cve-2021-4104: investigated: false @@ -49044,7 +49286,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for Workstations + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -49073,7 +49315,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for z/OS USS Client and API + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -49102,7 +49344,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus Db2 Agent + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -49131,7 +49373,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus Exchange Agent + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -49160,7 +49402,66 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus File Systems Agent + product: BigFix Compliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: BigFix Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Block Storage cves: cve-2021-4104: investigated: false @@ -49189,7 +49490,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus MongoDB Agent + product: Block Storage for VPC cves: cve-2021-4104: investigated: false @@ -49218,7 +49519,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus O365 Agent + product: Block Storage Snapshots for VPC cves: cve-2021-4104: investigated: false @@ -49247,7 +49548,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Server + product: Case Manager cves: cve-2021-4104: investigated: false @@ -49276,7 +49577,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -49305,7 +49606,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + product: Client VPN for VPC cves: cve-2021-4104: investigated: false @@ -49334,7 +49635,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: SQL Query + product: Cloud Activity Tracker cves: cve-2021-4104: investigated: false @@ -49363,7 +49664,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Gentran + product: Cloud Backup cves: cve-2021-4104: investigated: false @@ -49392,7 +49693,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Order Management + product: Cloud Monitoring cves: cve-2021-4104: investigated: false @@ -49421,7 +49722,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for ACORD + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -49450,7 +49751,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for Financial Services + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -49479,7 +49780,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for FIX + product: Cloudant cves: cve-2021-4104: investigated: false @@ -49508,7 +49809,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for NACHA + product: Code Engine cves: cve-2021-4104: investigated: false @@ -49537,7 +49838,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for PeopleSoft + product: Cognos Command Center cves: cve-2021-4104: investigated: false @@ -49566,7 +49867,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SAP R/3 + product: Cognos Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 10.4.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/support/pages/node/6526468> + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Cognos Integration Server cves: cve-2021-4104: investigated: false @@ -49595,7 +49926,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SEPA + product: Compose Enterprise cves: cve-2021-4104: investigated: false @@ -49624,7 +49955,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for Siebel + product: Compose for Elasticsearch cves: cve-2021-4104: investigated: false @@ -49653,7 +49984,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SWIFT + product: Compose for etcd cves: cve-2021-4104: investigated: false @@ -49682,7 +50013,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Packs for EDI + product: Compose for MongoDB cves: cve-2021-4104: investigated: false @@ -49711,7 +50042,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Packs for Healthcare + product: Compose for MySQL cves: cve-2021-4104: investigated: false @@ -49740,7 +50071,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Trading Manager + product: Compose for PostgreSQL cves: cve-2021-4104: investigated: false @@ -49769,7 +50100,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS1160 + product: Compose for RabbitMQ cves: cve-2021-4104: investigated: false @@ -49798,7 +50129,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS2280 + product: Compose for Redis cves: cve-2021-4104: investigated: false @@ -49827,7 +50158,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS2900 Library + product: Compose for RethinkDB cves: cve-2021-4104: investigated: false @@ -49856,7 +50187,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS3100-TS3200 Library + product: Compose for ScyllaDB cves: cve-2021-4104: investigated: false @@ -49885,7 +50216,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS4500 Library + product: Container Registry cves: cve-2021-4104: investigated: false @@ -49914,7 +50245,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage Virtualization Engine TS7700 + product: Container Security Services cves: cve-2021-4104: investigated: false @@ -49943,7 +50274,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Tape System Library Manager + product: Content Delivery Network cves: cve-2021-4104: investigated: false @@ -49972,7 +50303,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: TDMF for zOS + product: Continuous Delivery cves: cve-2021-4104: investigated: false @@ -50001,7 +50332,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Total Storage Service Console (TSSC) / TS4500 IMC + product: Copy Services Manager cves: cve-2021-4104: investigated: false @@ -50030,7 +50361,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Transit Gateway + product: Databases for DataStax cves: cve-2021-4104: investigated: false @@ -50059,7 +50390,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Tririga Anywhere + product: Databases for EDB cves: cve-2021-4104: investigated: false @@ -50088,7 +50419,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: TS4300 + product: Databases for Elasticsearch cves: cve-2021-4104: investigated: false @@ -50117,7 +50448,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Urbancode Deploy + product: Databases for etcd cves: cve-2021-4104: investigated: false @@ -50146,7 +50477,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtual Private Cloud + product: Databases for MongoDB cves: cve-2021-4104: investigated: false @@ -50175,7 +50506,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtual Server for Classic + product: Databases for PostgreSQL cves: cve-2021-4104: investigated: false @@ -50204,7 +50535,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtualization Management Interface + product: Databases for Redis cves: cve-2021-4104: investigated: false @@ -50233,7 +50564,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware Solutions + product: Datapower Gateway cves: cve-2021-4104: investigated: false @@ -50262,7 +50593,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware vCenter Server + product: Dedicated Host for VPC cves: cve-2021-4104: investigated: false @@ -50291,7 +50622,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware vSphere + product: Direct Link Connect cves: cve-2021-4104: investigated: false @@ -50320,7 +50651,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VPN for VPC + product: Direct Link Connect on Classic cves: cve-2021-4104: investigated: false @@ -50349,7 +50680,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: vRealize Operations and Log Insight + product: Direct Link Dedicated (2.0) cves: cve-2021-4104: investigated: false @@ -50378,7 +50709,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Workload Automation + product: Direct Link Dedicated Hosting on Classic cves: cve-2021-4104: investigated: false @@ -50406,8 +50737,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ICONICS - product: All + - vendor: IBM + product: Direct Link Dedicated on Classic cves: cve-2021-4104: investigated: false @@ -50430,13 +50761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: IFS - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Direct Link Exchange on Classic cves: cve-2021-4104: investigated: false @@ -50459,13 +50790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IGEL - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: DNS Services cves: cve-2021-4104: investigated: false @@ -50488,13 +50819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ignite Realtime - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Contract Management cves: cve-2021-4104: investigated: false @@ -50517,13 +50848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: iGrafx - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Program Management cves: cve-2021-4104: investigated: false @@ -50546,13 +50877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Illuminated Cloud - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Sourcing cves: cve-2021-4104: investigated: false @@ -50575,13 +50906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Illumio - product: C-VEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Spend Analysis cves: cve-2021-4104: investigated: false @@ -50604,13 +50935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CLI + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Emptoris Supplier Lifecycle Management cves: cve-2021-4104: investigated: false @@ -50633,13 +50964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CloudSecure + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Enterprise Tape Controller Model C07 (3592) (ETC) cves: cve-2021-4104: investigated: false @@ -50662,13 +50993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core on-premise PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Event Notifications cves: cve-2021-4104: investigated: false @@ -50691,13 +51022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core SaaS PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Event Streams cves: cve-2021-4104: investigated: false @@ -50720,13 +51051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge SaaS PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: File Storage cves: cve-2021-4104: investigated: false @@ -50749,13 +51080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge-CrowdStrike + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Flash System 900 (& 840) cves: cve-2021-4104: investigated: false @@ -50778,13 +51109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Flowlink + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Flow Logs for VPC cves: cve-2021-4104: investigated: false @@ -50807,13 +51138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Kubelink + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Functions cves: cve-2021-4104: investigated: false @@ -50836,13 +51167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: NEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: GSKit cves: cve-2021-4104: investigated: false @@ -50865,13 +51196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: QRadar App + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Guardium S-TAP for Data Sets on z/OS cves: cve-2021-4104: investigated: false @@ -50894,13 +51225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Splunk App + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Guardium S-TAP for DB2 on z/OS cves: cve-2021-4104: investigated: false @@ -50923,13 +51254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: VEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Guardium S-TAP for IMS on z/OS cves: cve-2021-4104: investigated: false @@ -50952,13 +51283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: IManage - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect Crypto Services cves: cve-2021-4104: investigated: false @@ -50981,13 +51312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Imperva - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect DBaaS for MongoDB cves: cve-2021-4104: investigated: false @@ -51010,13 +51341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Inductive Automation - product: Ignition + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect DBaaS for PostgreSQL cves: cve-2021-4104: investigated: false @@ -51024,11 +51355,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51040,14 +51370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but - they used an older version (1.2) that was not affected by this vulnerability. + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: IndustrialDefender - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Hyper Protect Virtual Server cves: cve-2021-4104: investigated: false @@ -51070,13 +51399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.industrialdefender.com/cve-2021-44228-log4j/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: infinidat - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: i2 Analyst’s Notebook cves: cve-2021-4104: investigated: false @@ -51099,13 +51428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: InfluxData - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: i2 Base cves: cve-2021-4104: investigated: false @@ -51128,13 +51457,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Infoblox - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Application Runtime Expert for i cves: cve-2021-4104: investigated: false @@ -51157,13 +51486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Informatica - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Backup, Recovery and Media Services for i cves: cve-2021-4104: investigated: false @@ -51186,13 +51515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Instana - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Db2 Mirror for i cves: cve-2021-4104: investigated: false @@ -51215,13 +51544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Instructure - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM HTTP Server cves: cve-2021-4104: investigated: false @@ -51244,13 +51573,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Intel - product: Audio Development Kit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM i Access Family cves: cve-2021-4104: investigated: false @@ -51273,13 +51602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM i Portfolio of products under the Group SWMA cves: cve-2021-4104: investigated: false @@ -51302,13 +51631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Datacenter Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM PowerHA System Mirror for i cves: cve-2021-4104: investigated: false @@ -51331,13 +51660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Genomics Kernel Library + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct Browser User Interface cves: cve-2021-4104: investigated: false @@ -51360,13 +51689,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct File Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - See Vendor Links + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ + notes: '' + references: + - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), + [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), + [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' + last_updated: '2021-12-20T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for HP NonStop cves: cve-2021-4104: investigated: false @@ -51389,13 +51750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Secure Device Onboard + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for i5/OS cves: cve-2021-4104: investigated: false @@ -51418,13 +51779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Sensor Solution Firmware Development Kit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for OpenVMS cves: cve-2021-4104: investigated: false @@ -51447,13 +51808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Debugger + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Express for Microsoft Windows cves: cve-2021-4104: investigated: false @@ -51476,13 +51837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Studio + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Express for UNIX cves: cve-2021-4104: investigated: false @@ -51505,13 +51866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Express for z/OS cves: cve-2021-4104: investigated: false @@ -51519,11 +51880,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51535,13 +51895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Instana Agent cves: cve-2021-4104: investigated: false @@ -51550,10 +51910,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Timestamp lower than 12-11-2021 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51565,13 +51925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://status.instana.io/incidents/4zgcd2gzf4jw + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + last_updated: '2021-12-14T00:00:00' + - vendor: IBM + product: Internet Services cves: cve-2021-4104: investigated: false @@ -51579,11 +51939,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51595,13 +51954,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: InterSystems - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Key Lifecycle Manager for z/OS cves: cve-2021-4104: investigated: false @@ -51624,13 +51983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intersystems.com/gt/apache-log4j2/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Intland - product: codebeamer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Key Protect cves: cve-2021-4104: investigated: false @@ -51638,10 +51997,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <= 20.11-SP11 - - <= 21.09-SP3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51655,14 +52012,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 - notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) - and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IPRO - product: Netgovern + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Knowledge Studio cves: cve-2021-4104: investigated: false @@ -51684,13 +52040,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: iRedMail - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Kubernetes Service cves: cve-2021-4104: investigated: false @@ -51713,13 +52070,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.iredmail.org/topic18605-log4j-cve202144228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ironnet - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Load Balancer for VPC cves: cve-2021-4104: investigated: false @@ -51742,13 +52099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ISLONLINE - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Log Analysis cves: cve-2021-4104: investigated: false @@ -51771,2098 +52128,13934 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ivanti - product: Application Control for Linux + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Managed VMware Service cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Application Control for Windows + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Management Extender for VMware vCenter cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Mass Data Migration cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Avalanche + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Maximo EAM SaaS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.2.2 - - 6.3.0 to 6.3.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Avalanche Remote Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Message Hub cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: CETerm (Naurtech) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: MQ Appliance cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Cherwell Asset Management (CAM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: MQ on IBM Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Cherwell Service Management (CSM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Natural Language Understanding cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Connect Pro + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: OmniFind Text Search Server for DB2 for i cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: ConnectPro (Termproxy) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: OPENBMC cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Credential mgr (PivD Manager) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Planning Analytics Workspace cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '>2.0.57' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/support/pages/node/6525700 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Discovery Classic + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Power HMC cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - V9.2.950.0 & V10.1.1010.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: DSM + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerSC cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Environment Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerVM Hypervisor cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: GoldMine + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerVM VIOS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: HEAT Classic + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: QRadar Advisor cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: IIRIS (Neurons for IIOT) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Qradar Network Threat Analytics cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Incapptic Connect + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: QRadar SIEM cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Insight + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Quantum Services cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: ITSM 6/7 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for AIX and Linux cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Asset Lifecycle Management + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for i cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Device Application Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Red Hat OpenShift on IBM Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Endpoint Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Resilient cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Endpoint Security + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Robotic Process Automation cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Environment Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SAN Volume Controller and Storwize Family cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti EPM - Cloud Service Appliance + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Satellite Infrastructure Service cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti File Director + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Schematics cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* - fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Identity Director + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secrets Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti License Optimizer (ILO) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secure Gateway cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Management Center + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Server Automation cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Neurons Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Spectrum Archive Library Edition cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Performance Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Discover cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Security Controls (Patch ISec) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Client Management Service cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory - Page + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Desk + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for Oracle' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected. Java is no longer required since version 2018.3U3 Customers - on older versions can uninstall JRE on their ISD Servers for mitigation. This - will disable indexing of Attachments and Documents for full-text search. + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for SQL' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Manager for Neurons (Cloud) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Enterprise Resource Planning cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Voice + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Domino' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Workspace Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Exchange' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Appconnect + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Workstations cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Email+ + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for z/OS USS Client and API cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Go Client + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Db2 Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI MobileAtWork + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Exchange Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Security Productivity Apps + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus File Systems Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Mi Tunnel App + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus MongoDB Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Access ZSO + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus O365 Agent cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Mitigated. No Impact + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron BYOD Portal + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Server cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Cloud + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SQL Query + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Gentran + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Order Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for ACORD + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Financial Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for FIX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for NACHA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for PeopleSoft + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SAP R/3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SEPA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Siebel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SWIFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for EDI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for Healthcare + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Trading Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS1160 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2900 Library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS3100-TS3200 Library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS4500 Library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage Virtualization Engine TS7700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tape System Library Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TDMF for zOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Total Storage Service Console (TSSC) / TS4500 IMC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Transit Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tririga Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TS4300 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Urbancode Deploy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Private Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Server for Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtualization Management Interface + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vCenter Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vSphere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VPN for VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: vRealize Operations and Log Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Workload Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: ICONICS + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: IFS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IGEL + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ignite Realtime + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iGrafx + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illuminated Cloud + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illumio + product: C-VEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CLI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CloudSecure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core on-premise PCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core SaaS PCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge SaaS PCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge-CrowdStrike + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Flowlink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Kubelink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: NEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: QRadar App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Splunk App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: VEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: IManage + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Imperva + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Inductive Automation + product: Ignition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. + references: + - '' + last_updated: '2022-01-19T00:00:00' + - vendor: IndustrialDefender + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.industrialdefender.com/cve-2021-44228-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: infinidat + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: InfluxData + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Infoblox + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Informatica + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instana + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.instana.io/incidents/4zgcd2gzf4jw + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instructure + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intel + product: Audio Development Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Computer Vision Annotation Tool maintained by Intel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Datacenter Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Genomics Kernel Library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: oneAPI sample browser plugin for Eclipse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Secure Device Onboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Sensor Solution Firmware Development Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Debugger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: BIND 9 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: ISC DHCP, aka dhcpd + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: Kea DHCP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: InterSystems + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.intersystems.com/gt/apache-log4j2/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intland + product: codebeamer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <= 20.11-SP11 + - <= 21.09-SP3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://codebeamer.com/cb/wiki/19872365 + notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) + and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IPRO + product: Netgovern + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iRedMail + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.iredmail.org/topic18605-log4j-cve202144228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ironnet + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ISLONLINE + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ivanti + product: Application Control for Linux + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Application Control for Windows + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche Remote Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Asset Management (CAM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Service Management (CSM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Connect Pro + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Credential mgr (PivD Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: DSM + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI MobileAtWork + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access ZSO + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated. No Impact + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.13' + - '9.14' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Cloud Connector + product: Virtual Desktop Extender + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Jamasoftware + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Health Care Listener + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Infrastructure Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Now + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Pro (On-Prem) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 10.34.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf School + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Threat Defense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Janitza + product: GridVis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 8.0.82 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.janitza.com/us/gridvis-download.html + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Java Melody + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.90.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jedox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jedox.com/en/trust/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI/CD Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: Plugins + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + last_updated: '2021-12-16T00:00:00' + - vendor: JetBrains + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jetbrains + product: Code With Me + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Datalore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Floating License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '30241' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Hub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.1.14080 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Kotlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://youtrack.jetbrains.com/issue/TW-74298 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.4.35970 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFrog + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JGraph + product: DrawIO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jgraph/drawio/issues/2490 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v2.1-595-g3637fda42 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: BCPro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM AC2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM Hardware Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CK721-A (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connect24 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Connected Equipment Gateway (CEG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE-9000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DataSource + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Entrapass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision WebService + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Facility Explorer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 14.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Cameras + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: iSTAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Metasys Products and Tools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Active Responder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Chiller Utility Plant Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Connected Chiller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Location Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Risk Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Twin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Workplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: P2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: S321-IP (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Video Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: TrueVue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Xaap + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Advanced Threat Prevention (JATP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Mist Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Sky Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos Space Network Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Mist AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wi-Fi Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wired Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Mist Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Network Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Pathfinder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Policy Enforcer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ScreenOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: SecIntel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Secure Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Space SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: User Engagement Virtual BLE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Justice Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.justicesystems.com/services/support/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K15t + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K6 + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Karakun + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://board.karakun.com/viewtopic.php?f=21&t=8351 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaseya + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kemp + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Capture + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Konica Minolta + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.konicaminolta.de/de-de/support/log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kronos UKG + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kyberna + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.kyberna.com/detail/log4j-sicherheitsluecke + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L-Soft + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - http://www.lsoft.com/news/log4jinfo.asp + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L3Harris Geospatial + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lancom Systems + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lansweeper + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Laserfiche + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LastPass + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LaunchDarkly + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leanix + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 DX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio CS2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio eSlide Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 DX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope DX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio LV1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio SAM DX Server For GT 450 DX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio Scanner Administration Manager (SAM) Server for GT 450 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio VERSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio WebViewer DX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND RX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND RXm + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-ADVANCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-III + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-MAX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: CEREBRO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: CytoVision + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore PEARL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore PEGASUS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA CV + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPIRIT ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPRING ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ASP300S + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica CV5030 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST4020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5010 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica TP1020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: LIS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: PathDX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: ThermoBrite Elite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Lenovo + product: BIOS/UEFI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Chassis Management Module 2 (CMM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Commercial Vantage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Confluent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: DSS-G + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Embedded System Management Java-based KVM clients + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller (FPC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller2 (FPC2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Integrated Management Module II (IMM2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: NetApp ONTAP Tools for VMware vSphere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) + advisory. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade + FOS' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Storage Management utilities + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module (SMM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module 2 (SMM2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Update + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Thin Installer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile HX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) + and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisories. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile VX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisory. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DE Series Storage cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DM Series Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DS Series Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem Manager (TSM) cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Update Retriever + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Vantage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Administrator (LXCA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Controller (XCC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Energy Manager (LXEM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Essentials (LXCE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft System Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Nagios + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for ServiceNow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Windows Admin Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Mobile (LXCM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Orchestrator (LXCO) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core Connector + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Provisioning Manager (LXPM) cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + last_updated: '2021-12-14T00:00:00' + - vendor: LeoStream + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + - https://support.leostream.com/support/discussions/topics/66000507567 + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Patch MEM (Microsoft Endpoint Manager) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Let's Encrypt + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Patch OEM APIs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LibreNMS + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Performance Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeRay + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Connect Secure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeSize + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Desktop Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lightbend + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Mobile Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lime CRM + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://docs.lime-crm.com/security/lcsec21-01 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse One + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LIONGARD + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://insights.liongard.com/faq-apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Policy Secure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiquidFiles + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Services Director + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiveAction + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Virtual Traffic Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Loftware + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Web Application Firewall + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LOGalyze + product: SIEM & log analyzer tool cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v4.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + - https://sourceforge.net/software/product/LOGalyze/ + notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found + in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j + 1.2.17' references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse ZTA + - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' + last_updated: '2021-12-17T00:00:00' + - vendor: LogiAnalytics + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Risksense Threat and Vulnerability Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogicMonitor + product: LogicMonitor Platform cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: SpeakEasy (add-on to Velocity) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogMeIn + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: SpeakEasy (WinCE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogRhythm + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Terminal Emulation and Industrial Browser + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Looker + product: Looker cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '21.0' + - '21.6' + - '21.12' + - '21.16' + - '21.18' + - '21.20' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Velocity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LucaNet + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.lucanet.com/en/blog/update-vulnerability-log4j notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: VelocityCE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lucee + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Virtual Desktop Extender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lyrasis + product: Fedora Repository cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -53871,85 +66064,87 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 3.x + - 4.x + - 5.x + - 6.x cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo + notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and + explicitly excludes log4j. references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Wavelink License Server + last_updated: '2021-12-14T00:00:00' + - vendor: MailStore + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Xtraction + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Maltego + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Jamasoftware - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -53957,10 +66152,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -53971,14 +66167,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Pro + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -53988,7 +66183,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 10.31.0 – 10.34.0 + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -54002,13 +66197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Janitza - product: GridVis + last_updated: '2021-12-15T00:00:00' + - vendor: ManageEngine Zoho + product: '' cves: cve-2021-4104: investigated: false @@ -54016,11 +66211,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.82 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54032,13 +66226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ManageEngine Zoho + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -54061,13 +66255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jedox - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -54090,13 +66284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: CI/CD Core + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -54118,13 +66312,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: Plugins + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -54147,14 +66342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + - vendor: ManageEngine Zoho + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -54162,41 +66356,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jetbrains - product: Code With Me - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54208,13 +66371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Datalore + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -54222,41 +66385,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Floating license server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '30211' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54268,13 +66400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Gateway + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -54282,11 +66414,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54298,13 +66429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Hub + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 cves: cve-2021-4104: investigated: false @@ -54312,10 +66443,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2021.1.14080 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -54328,15 +66458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -54344,11 +66472,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54360,13 +66487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Kotlin + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -54374,11 +66501,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54390,13 +66516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Ktor + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -54404,11 +66530,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54420,13 +66545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: MPS + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -54434,11 +66559,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54450,13 +66574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Space + last_updated: '2021-12-16T00:00:00' + - vendor: MariaDB + product: '' cves: cve-2021-4104: investigated: false @@ -54464,11 +66588,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54480,13 +66603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: TeamCity + - vendor: MathWorks + product: All MathWorks general release desktop or server products cves: cve-2021-4104: investigated: false @@ -54497,8 +66620,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54510,13 +66632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: ToolBox + last_updated: '2022-01-18T00:00:00' + - vendor: MathWorks + product: MATLAB cves: cve-2021-4104: investigated: false @@ -54528,7 +66650,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54540,13 +66662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: UpSource + last_updated: '2022-01-18T00:00:00' + - vendor: Matillion + product: Matillion ETL cves: cve-2021-4104: investigated: false @@ -54557,7 +66679,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - 1.59.10+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -54570,13 +66692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: YouTrack InCloud + last_updated: '2022-11-01T00:00:00' + - vendor: Matomo + product: '' cves: cve-2021-4104: investigated: false @@ -54584,10 +66706,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -54600,13 +66721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: YouTrack Standalone + - vendor: Mattermost FocalBoard + product: '' cves: cve-2021-4104: investigated: false @@ -54614,10 +66735,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2021.4.35970 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -54630,13 +66750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JFROG - product: '' + - vendor: McAfee + product: Data Exchange Layer (DXL) Client cves: cve-2021-4104: investigated: false @@ -54658,14 +66778,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitsi - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Discover cves: cve-2021-4104: investigated: false @@ -54687,14 +66806,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitterbit - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Mac cves: cve-2021-4104: investigated: false @@ -54716,14 +66834,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Johnson Controls - product: BCPro + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Windows cves: cve-2021-4104: investigated: false @@ -54731,11 +66848,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54746,14 +66862,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Monitor cves: cve-2021-4104: investigated: false @@ -54761,11 +66876,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54776,14 +66890,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Data Loss Prevention (DLP) Prevent cves: cve-2021-4104: investigated: false @@ -54791,11 +66904,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54806,14 +66918,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Linux cves: cve-2021-4104: investigated: false @@ -54821,11 +66932,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54836,14 +66946,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Mac cves: cve-2021-4104: investigated: false @@ -54851,11 +66960,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54866,14 +66974,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Endpoint Security (ENS) for Windows cves: cve-2021-4104: investigated: false @@ -54881,11 +66988,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2.90.x (all 2.90 versions) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54896,14 +67002,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -54913,9 +67018,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2.80.x (all 2.80 versions) + fixed_versions: + - 11.5.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54927,13 +67032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: ePolicy Orchestrator Agent Handlers (ePO-AH) cves: cve-2021-4104: investigated: false @@ -54941,11 +67046,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2.70 (All versions) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54956,14 +67060,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -54973,9 +67076,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2.60 (All versions) + fixed_versions: + - 5.10 CU11 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54987,13 +67090,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DLS + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -55001,11 +67104,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55016,14 +67118,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Entrapass + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -55031,11 +67132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55046,14 +67146,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Client + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -55061,11 +67160,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55076,14 +67174,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Server + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -55091,11 +67188,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55106,14 +67202,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision WebService + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -55121,11 +67216,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55136,14 +67230,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Facility Explorer + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -55151,11 +67244,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 14.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55166,14 +67258,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Cameras + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -55181,11 +67272,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55196,14 +67286,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Insight + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -55211,11 +67300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55226,14 +67314,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -55241,11 +67328,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55256,14 +67342,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Metasys Products and Tools + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -55271,11 +67356,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55286,14 +67370,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries NEO + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -55301,11 +67384,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55316,14 +67398,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries Pro + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -55331,11 +67412,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55346,14 +67426,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Qolsys IQ Panels + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Manager (NSM) cves: cve-2021-4104: investigated: false @@ -55361,11 +67440,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55376,14 +67454,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Sur‐Gard Receivers + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Platform (NSP) cves: cve-2021-4104: investigated: false @@ -55391,11 +67468,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55406,14 +67482,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Tyco AI + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Policy Auditor cves: cve-2021-4104: investigated: false @@ -55421,11 +67496,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55436,14 +67510,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Threat Intelligence Exchange (TIE) cves: cve-2021-4104: investigated: false @@ -55451,11 +67524,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 5.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55467,13 +67539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories - notes: '' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: Latest status in linked Security Bulletin references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Web Gateway (MWG) cves: cve-2021-4104: investigated: false @@ -55481,11 +67553,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55497,13 +67568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2021-12-20T00:00:00' + - vendor: Medtronic + product: '' cves: cve-2021-4104: investigated: false @@ -55511,11 +67582,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55527,13 +67597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: VideoEdge + - vendor: MEINBERG + product: '' cves: cve-2021-4104: investigated: false @@ -55541,11 +67611,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 5.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55557,13 +67626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MEINBERG + product: LANTIME and microSync cves: cve-2021-4104: investigated: false @@ -55586,13 +67655,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2022-01-05T00:00:00' + - vendor: Meltano + product: Meltano cves: cve-2021-4104: investigated: false @@ -55600,11 +67669,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55616,12 +67684,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 - notes: '' + - https://github.com/meltano/meltano + notes: Project is written in Python references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jump Desktop + - vendor: Memurai product: '' cves: cve-2021-4104: @@ -55645,13 +67713,52 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: '' + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003052 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' + - vendor: Microsoft + product: Azure API Gateway cves: cve-2021-4104: investigated: false @@ -55674,13 +67781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Justice Systems - product: '' + - vendor: Microsoft + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -55703,13 +67810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.justicesystems.com/services/support/ + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K15t - product: '' + - vendor: Microsoft + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -55717,10 +67824,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 2.3.10 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Data lake store java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.3.10 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -55732,13 +67870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K6 - product: '' + - vendor: Microsoft + product: Azure DevOps cves: cve-2021-4104: investigated: false @@ -55761,13 +67899,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Karakun - product: '' + - vendor: Microsoft + product: Azure DevOps Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.0 - 2020.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -55790,12 +67958,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://board.karakun.com/viewtopic.php?f=21&t=8351 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kaseya + - vendor: Microsoft + product: Team Foundation Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2018.2+ + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microstrategy product: '' cves: cve-2021-4104: @@ -55819,12 +68017,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Midori Global product: '' cves: cve-2021-4104: @@ -55848,12 +68046,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Mikrotik product: '' cves: cve-2021-4104: @@ -55877,12 +68075,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + - https://forum.mikrotik.com/viewtopic.php?p=897938 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 + - vendor: Milestone sys product: '' cves: cve-2021-4104: @@ -55906,12 +68104,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax + - vendor: Mimecast product: '' cves: cve-2021-4104: @@ -55935,12 +68133,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Konica Minolta + - vendor: Minecraft product: '' cves: cve-2021-4104: @@ -55964,12 +68162,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.konicaminolta.de/de-de/support/log4j + - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kronos UKG + - vendor: Mirantis product: '' cves: cve-2021-4104: @@ -55993,12 +68191,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US + - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kyberna + - vendor: Miro product: '' cves: cve-2021-4104: @@ -56022,12 +68220,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.kyberna.com/detail/log4j-sicherheitsluecke + - https://miro.com/trust/updates/log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: L-Soft + - vendor: Mitel product: '' cves: cve-2021-4104: @@ -56051,13 +68249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.lsoft.com/news/log4jinfo.asp + - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: L3Harris Geospatial - product: '' + - vendor: MMM Group + product: Control software of all MMM series cves: cve-2021-4104: investigated: false @@ -56080,13 +68278,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lancom Systems - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: MMM Group + product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server cves: cve-2021-4104: investigated: false @@ -56109,13 +68307,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lansweeper - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: MongoDB + product: All other components of MongoDB Atlas (including Atlas Database, Data + Lake, Charts) cves: cve-2021-4104: investigated: false @@ -56138,13 +68337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Laserfiche - product: '' + - vendor: MongoDB + product: MongoDB Atlas Search cves: cve-2021-4104: investigated: false @@ -56167,13 +68366,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LastPass - product: '' + - vendor: MongoDB + product: MongoDB Community Edition (including Community Server, Cloud Manager, + Community Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -56196,13 +68396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LaunchDarkly - product: '' + - vendor: MongoDB + product: MongoDB Drivers cves: cve-2021-4104: investigated: false @@ -56225,13 +68425,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Leanix - product: '' + - vendor: MongoDB + product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, + Enterprise Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -56254,13 +68455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 + - vendor: MongoDB + product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: cve-2021-4104: investigated: false @@ -56283,13 +68484,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 DX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas + CLI, Database Connectors) cves: cve-2021-4104: investigated: false @@ -56312,13 +68514,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio CS2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Moodle + product: '' cves: cve-2021-4104: investigated: false @@ -56341,13 +68543,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://moodle.org/mod/forum/discuss.php?d=429966 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio eSlide Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MoogSoft + product: '' cves: cve-2021-4104: investigated: false @@ -56370,13 +68572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Motorola Avigilon + product: '' cves: cve-2021-4104: investigated: false @@ -56399,42 +68601,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 DX + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope + last_updated: '2022-01-19T00:00:00' + - vendor: Mulesoft + product: '' cves: cve-2021-4104: investigated: false @@ -56457,13 +68662,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope DX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mulesoft + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -56471,8 +68677,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56486,13 +68693,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio LV1 + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -56515,13 +68723,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio SAM DX Server For GT 450 DX + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -56529,8 +68738,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56544,13 +68754,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio Scanner Administration Manager (SAM) Server for GT 450 + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -56558,8 +68769,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56573,13 +68786,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio VERSA + last_updated: '2021-12-15T00:00:00' + - vendor: N-able + product: '' cves: cve-2021-4104: investigated: false @@ -56602,13 +68816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio WebViewer DX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nagios + product: '' cves: cve-2021-4104: investigated: false @@ -56631,13 +68845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NAKIVO + product: '' cves: cve-2021-4104: investigated: false @@ -56660,42 +68874,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: National Instruments + product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact + Technical Support references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RXm + last_updated: '2022-01-05T00:00:00' + - vendor: Neo4j + product: Neo4j Graph Database cves: cve-2021-4104: investigated: false @@ -56703,8 +68921,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>4.2' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56717,14 +68937,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + last_updated: '2021-12-13T00:00:00' + - vendor: Netapp + product: Multiple NetApp products cves: cve-2021-4104: investigated: false @@ -56747,13 +68966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://security.netapp.com/advisory/ntap-20211210-0007/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-III + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Netcup + product: '' cves: cve-2021-4104: investigated: false @@ -56776,13 +68995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-MAX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NetGate PFSense + product: '' cves: cve-2021-4104: investigated: false @@ -56805,13 +69024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CEREBRO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Netwrix + product: '' cves: cve-2021-4104: investigated: false @@ -56834,13 +69053,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CytoVision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: New Relic + product: Containerized Private Minion (CPM) cves: cve-2021-4104: investigated: false @@ -56848,9 +69067,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -56863,13 +69083,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ + notes: New Relic is in the process of revising guidance/documentation, however + the fix version remains sufficient. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEARL + - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' + last_updated: '2021-12-18T00:00:00' + - vendor: New Relic + product: New Relic Java Agent cves: cve-2021-4104: investigated: false @@ -56877,8 +69098,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56892,13 +69114,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ + notes: Initially fixed in 7.4.2, but additional vulnerability found references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEGASUS + - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), + covers CVE-2021-44228, CVE-2021-45046' + last_updated: '2021-12-20T00:00:00' + - vendor: NextCloud + product: '' cves: cve-2021-4104: investigated: false @@ -56921,13 +69144,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA CV + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nextflow + product: Nextflow cves: cve-2021-4104: investigated: false @@ -56935,10 +69158,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -56950,13 +69174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.nextflow.io/docs/latest/index.html notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA ST + - vendor: Nexus Group + product: '' cves: cve-2021-4104: investigated: false @@ -56979,13 +69203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPIRIT ST + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Nice Software (AWS) EnginFRAME + product: '' cves: cve-2021-4104: investigated: false @@ -57008,13 +69232,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://download.enginframe.com/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPRING ST + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NinjaRMM + product: '' cves: cve-2021-4104: investigated: false @@ -57037,13 +69261,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ASP300S + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nomachine + product: '' cves: cve-2021-4104: investigated: false @@ -57066,13 +69291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.nomachine.com/topic/apache-log4j-notification notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica CV5030 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NoviFlow + product: '' cves: cve-2021-4104: investigated: false @@ -57095,13 +69320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST4020 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Backlog cves: cve-2021-4104: investigated: false @@ -57109,9 +69334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -57124,13 +69350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5010 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Backlog Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -57138,9 +69364,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.11.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -57153,13 +69380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5020 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo cves: cve-2021-4104: investigated: false @@ -57167,9 +69394,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -57182,13 +69410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica TP1020 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Cacoo Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -57196,9 +69424,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 4.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -57211,13 +69440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: LIS Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Typetalk cves: cve-2021-4104: investigated: false @@ -57225,9 +69454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -57240,13 +69470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: PathDX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nutanix + product: AHV cves: cve-2021-4104: investigated: false @@ -57254,10 +69484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57269,13 +69500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: ThermoBrite Elite + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: investigated: false @@ -57283,10 +69514,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - LTS (including Prism Element) + - Community Edition + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - STS (including Prism Element) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -57298,13 +69561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 6.0.2.4, available on the Portal for download. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Lenovo - product: BIOS/UEFI + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Beam cves: cve-2021-4104: investigated: false @@ -57327,13 +69590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Chassis Management Module 2 (CMM) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: BeamGov cves: cve-2021-4104: investigated: false @@ -57356,13 +69619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Commercial Vantage + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm cves: cve-2021-4104: investigated: false @@ -57370,10 +69633,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57385,13 +69649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Confluent + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm Tunnel VM cves: cve-2021-4104: investigated: false @@ -57399,10 +69663,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57414,13 +69709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: DSS-G + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector Portal cves: cve-2021-4104: investigated: false @@ -57443,13 +69738,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Embedded System Management Java-based KVM clients + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Data Lens cves: cve-2021-4104: investigated: false @@ -57472,13 +69767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller (FPC) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Era cves: cve-2021-4104: investigated: false @@ -57486,10 +69781,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57501,13 +69797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller2 (FPC2) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: File Analytics cves: cve-2021-4104: investigated: false @@ -57515,8 +69811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.1.x + - 2.2.x + - 3.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57530,13 +69829,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigated in version 3.0.1 which is available on the Portal for download. + Mitigation is available [here](https://portal.nutanix.com/kb/12499) references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Integrated Management Module II (IMM2) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Files cves: cve-2021-4104: investigated: false @@ -57544,10 +69844,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57559,13 +69860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: NetApp ONTAP Tools for VMware vSphere + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow cves: cve-2021-4104: investigated: false @@ -57573,10 +69874,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57588,15 +69890,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) - advisory. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade - FOS' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow Security Cental cves: cve-2021-4104: investigated: false @@ -57619,13 +69919,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Storage Management utilities + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Foundation cves: cve-2021-4104: investigated: false @@ -57633,10 +69933,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57648,13 +69949,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module (SMM) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Frame cves: cve-2021-4104: investigated: false @@ -57677,13 +69978,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module 2 (SMM2) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FrameGov cves: cve-2021-4104: investigated: false @@ -57706,13 +70007,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Update + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FSCVM cves: cve-2021-4104: investigated: false @@ -57720,10 +70021,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57735,13 +70037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Thin Installer + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Insights cves: cve-2021-4104: investigated: false @@ -57764,13 +70066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile HX + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon cves: cve-2021-4104: investigated: false @@ -57778,8 +70080,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57793,15 +70096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) - and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisories. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile VX + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon Platform Service cves: cve-2021-4104: investigated: false @@ -57824,14 +70125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisory. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: LCM cves: cve-2021-4104: investigated: false @@ -57839,10 +70139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57854,13 +70155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DE Series Storage + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Leap cves: cve-2021-4104: investigated: false @@ -57883,13 +70184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DM Series Storage + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Mine cves: cve-2021-4104: investigated: false @@ -57897,8 +70198,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57912,13 +70214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DS Series Storage + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Move cves: cve-2021-4104: investigated: false @@ -57926,10 +70228,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57941,13 +70244,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem Manager (TSM) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: MSP cves: cve-2021-4104: investigated: false @@ -57955,8 +70258,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -57970,13 +70274,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Update Retriever + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NCC cves: cve-2021-4104: investigated: false @@ -57984,10 +70288,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -57999,13 +70304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Vantage + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NGT cves: cve-2021-4104: investigated: false @@ -58013,10 +70318,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -58028,13 +70334,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Administrator (LXCA) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Objects cves: cve-2021-4104: investigated: false @@ -58042,8 +70348,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -58057,13 +70364,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Controller (XCC) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Prism Central cves: cve-2021-4104: investigated: false @@ -58071,9 +70378,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -58086,13 +70394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 2021-9.0.3, available on the Portal for download. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Energy Manager (LXEM) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Sizer cves: cve-2021-4104: investigated: false @@ -58115,13 +70423,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Volumes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Essentials (LXCE) + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Witness VM cves: cve-2021-4104: investigated: false @@ -58129,10 +70467,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: X-Ray + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -58144,13 +70513,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics + last_updated: '2021-12-20T00:00:00' + - vendor: Nvidia + product: '' cves: cve-2021-4104: investigated: false @@ -58173,13 +70542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft System Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NXLog + product: '' cves: cve-2021-4104: investigated: false @@ -58202,13 +70571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Nagios + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Objectif Lune + product: '' cves: cve-2021-4104: investigated: false @@ -58231,13 +70600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for ServiceNow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OCLC + product: '' cves: cve-2021-4104: investigated: false @@ -58260,13 +70629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://oclc.service-now.com/status notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for VMware vCenter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Octopus + product: '' cves: cve-2021-4104: investigated: false @@ -58289,13 +70658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://advisories.octopus.com/adv/December.2306508680.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Windows Admin Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Okta + product: Advanced Server Access cves: cve-2021-4104: investigated: false @@ -58318,13 +70687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Mobile (LXCM) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Access Gateway cves: cve-2021-4104: investigated: false @@ -58347,13 +70716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Orchestrator (LXCO) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta AD Agent cves: cve-2021-4104: investigated: false @@ -58376,13 +70745,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Provisioning Manager (LXPM) + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Browser Plugin cves: cve-2021-4104: investigated: false @@ -58405,13 +70774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: LeoStream - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta IWA Web Agent cves: cve-2021-4104: investigated: false @@ -58434,13 +70803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.leostream.com/support/discussions/topics/66000507567 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Let's Encrypt - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta LDAP Agent cves: cve-2021-4104: investigated: false @@ -58463,13 +70832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LibreNMS - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Mobile cves: cve-2021-4104: investigated: false @@ -58492,13 +70861,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LifeRay - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -58506,10 +70875,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 1.4.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta RADIUS Server Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.17.0 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58521,13 +70921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LifeSize - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -58550,12 +70950,41 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lightbend + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Workflows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Onespan product: '' cves: cve-2021-4104: @@ -58579,12 +71008,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 + - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lime CRM + - vendor: Opengear product: '' cves: cve-2021-4104: @@ -58608,12 +71037,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.lime-crm.com/security/lcsec21-01 + - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LIONGARD + - vendor: OpenMRS TALK product: '' cves: cve-2021-4104: @@ -58637,12 +71066,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://insights.liongard.com/faq-apache-log4j-vulnerability + - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LiquidFiles + - vendor: OpenNMS product: '' cves: cve-2021-4104: @@ -58666,12 +71095,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D + - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LiveAction + - vendor: OpenSearch product: '' cves: cve-2021-4104: @@ -58695,12 +71124,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 + - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Loftware + - vendor: OpenText product: '' cves: cve-2021-4104: @@ -58724,13 +71153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 + - https://www.opentext.com/support/log4j-remote-code-execution-advisory notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LOGalyze - product: SIEM & log analyzer tool + last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -58740,8 +71169,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - v4.x - fixed_versions: [] + - < 4.3g + fixed_versions: + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -58754,15 +71184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sourceforge.net/software/product/LOGalyze/ - notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found - in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j - 1.2.17' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' - last_updated: '2021-12-17T00:00:00' - - vendor: LogiAnalytics - product: '' + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP cves: cve-2021-4104: investigated: false @@ -58770,9 +71198,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -58785,13 +71215,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogicMonitor - product: LogicMonitor Platform + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -58799,9 +71229,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -58814,13 +71246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogMeIn - product: '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 cves: cve-2021-4104: investigated: false @@ -58828,9 +71260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -58843,12 +71277,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogRhythm + last_updated: '2022-01-13T00:00:00' + - vendor: Oracle product: '' cves: cve-2021-4104: @@ -58872,13 +71306,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Looker - product: Looker + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -58888,12 +71323,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '21.0' - - '21.6' - - '21.12' - - '21.16' - - '21.18' - - '21.20' + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -58907,13 +71338,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LucaNet - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Exadata cves: cve-2021-4104: investigated: false @@ -58921,8 +71354,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -58936,12 +71370,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lucanet.com/en/blog/update-vulnerability-log4j - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lucee + last_updated: '2021-12-17T00:00:00' + - vendor: Orgavision product: '' cves: cve-2021-4104: @@ -58965,13 +71401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 + - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lyrasis - product: Fedora Repository + - vendor: Osirium + product: PAM cves: cve-2021-4104: investigated: false @@ -58979,14 +71415,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x - - 4.x - - 5.x - - 6.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58998,14 +71430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo - notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and - explicitly excludes log4j. + - https://www.osirium.com/blog/apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: MailStore - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PEM cves: cve-2021-4104: investigated: false @@ -59028,13 +71459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Maltego - product: '' + - vendor: Osirium + product: PPA cves: cve-2021-4104: investigated: false @@ -59057,13 +71488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ManageEngine - product: AD SelfService Plus + - vendor: OTRS + product: '' cves: cve-2021-4104: investigated: false @@ -59071,11 +71502,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59086,13 +71516,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://portal.otrs.com/external notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OVHCloud + product: '' cves: cve-2021-4104: investigated: false @@ -59100,9 +71531,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 11305 and below + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59116,12 +71546,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ManageEngine Zoho + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OwnCloud product: '' cves: cve-2021-4104: @@ -59145,13 +71575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + - vendor: OxygenXML + product: Author cves: cve-2021-4104: investigated: false @@ -59173,14 +71603,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: ADManager Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Developer cves: cve-2021-4104: investigated: false @@ -59202,14 +71631,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Analytics Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Editor cves: cve-2021-4104: investigated: false @@ -59231,14 +71659,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Cloud Security Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Content Fusion cves: cve-2021-4104: investigated: false @@ -59246,8 +71673,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2.0' + - '3.0' + - '4.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59260,14 +71690,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: DataSecurity Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Feedback Enterprise cves: cve-2021-4104: investigated: false @@ -59275,8 +71704,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.4.4 & older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59289,14 +71719,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: EventLog Analyzer + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen License Server cves: cve-2021-4104: investigated: false @@ -59304,8 +71733,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v22.1 to v24.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59318,14 +71748,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen PDF Chemistry cves: cve-2021-4104: investigated: false @@ -59333,8 +71762,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v22.1 + - '23.0' + - '23.1' + - '24.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59347,14 +71780,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen SDK cves: cve-2021-4104: investigated: false @@ -59376,14 +71808,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 UEBA + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Plugins (see advisory link) cves: cve-2021-4104: investigated: false @@ -59405,14 +71836,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Manager Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Publishing Engine cves: cve-2021-4104: investigated: false @@ -59434,14 +71864,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Security Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Web Author cves: cve-2021-4104: investigated: false @@ -59463,14 +71892,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: RecoveryManager Plus + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: WebHelp cves: cve-2021-4104: investigated: false @@ -59492,14 +71920,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: MariaDB - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS cves: cve-2021-4104: investigated: false @@ -59522,13 +71949,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ - notes: '' + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MathWorks - product: All MathWorks general release desktop or server products + last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) cves: cve-2021-4104: investigated: false @@ -59538,7 +71968,8 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -59551,13 +71982,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: MathWorks - product: MATLAB + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo cves: cve-2021-4104: investigated: false @@ -59581,13 +72013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Matillion - product: Matillion ETL + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry cves: cve-2021-4104: investigated: false @@ -59598,7 +72030,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.59.10+ + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -59611,13 +72043,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2022-11-01T00:00:00' - - vendor: Matomo - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham cves: cve-2021-4104: investigated: false @@ -59625,9 +72059,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -59640,13 +72075,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mattermost FocalBoard - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew cves: cve-2021-4104: investigated: false @@ -59669,13 +72106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: McAfee - product: Data Exchange Layer (DXL) Client + - vendor: Palo-Alto Networks + product: CloudGenix cves: cve-2021-4104: investigated: false @@ -59697,13 +72134,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Discover + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake cves: cve-2021-4104: investigated: false @@ -59725,13 +72163,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent cves: cve-2021-4104: investigated: false @@ -59753,13 +72192,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse cves: cve-2021-4104: investigated: false @@ -59781,13 +72221,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR cves: cve-2021-4104: investigated: false @@ -59809,13 +72250,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Prevent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition cves: cve-2021-4104: investigated: false @@ -59837,13 +72279,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Linux + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App cves: cve-2021-4104: investigated: false @@ -59865,13 +72308,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security cves: cve-2021-4104: investigated: false @@ -59893,13 +72337,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade cves: cve-2021-4104: investigated: false @@ -59921,43 +72366,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Enterprise Security Manager (ESM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 11.5.3 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Agent Handlers (ePO-AH) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire cves: cve-2021-4104: investigated: false @@ -59979,13 +72395,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama cves: cve-2021-4104: investigated: false @@ -59994,9 +72411,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 5.10 CU11 + affected_versions: + - '9.0' + - '9.1' + - '10.0' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60009,13 +72428,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access cves: cve-2021-4104: investigated: false @@ -60037,13 +72458,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Management of Native Encryption (MNE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud cves: cve-2021-4104: investigated: false @@ -60065,13 +72487,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Active Response (MAR) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute cves: cve-2021-4104: investigated: false @@ -60093,13 +72516,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Agent (MA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security cves: cve-2021-4104: investigated: false @@ -60121,13 +72545,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent cves: cve-2021-4104: investigated: false @@ -60149,13 +72574,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance cves: cve-2021-4104: investigated: false @@ -60177,13 +72603,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud cves: cve-2021-4104: investigated: false @@ -60205,537 +72632,554 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panasonic + product: KX-HDV100 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Drive Encryption (MDE) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Manager (NSM) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Platform (NSP) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Policy Auditor + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Threat Intelligence Exchange (TIE) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 - notes: Latest status in linked Security Bulletin + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Web Gateway (MWG) + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Medtronic - product: '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: MEINBERG - product: '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MEINBERG - product: LANTIME and microSync + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Meltano - product: Meltano + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/meltano/meltano - notes: Project is written in Python + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Memurai - product: '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' - - vendor: Microsoft - product: Azure API Gateway + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Application Gateway + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2022-01-20T00:00:00' + - vendor: Panopto + product: '' cves: cve-2021-4104: investigated: false @@ -60743,9 +73187,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.3.10 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60759,13 +73202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Data lake store java + - vendor: PaperCut + product: PaperCut MF cves: cve-2021-4104: investigated: false @@ -60775,7 +73218,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 + - 21.0 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60789,13 +73232,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 - notes: '' + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure DevOps + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG cves: cve-2021-4104: investigated: false @@ -60803,8 +73248,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.0 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60818,13 +73264,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure DevOps Server + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: '' cves: cve-2021-4104: investigated: false @@ -60832,9 +73280,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2019.0 - 2020.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60848,13 +73295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://kb.parallels.com/en/128696 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Traffic Manager + - vendor: Parse.ly + product: '' cves: cve-2021-4104: investigated: false @@ -60877,13 +73324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://blog.parse.ly/parse-ly-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Team Foundation Server + - vendor: PBXMonitor + product: RMM for 3CX PBX cves: cve-2021-4104: investigated: false @@ -60891,9 +73338,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2018.2+ + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60907,12 +73353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microstrategy + last_updated: '2021-12-22T00:00:00' + - vendor: Pega product: '' cves: cve-2021-4104: @@ -60936,12 +73383,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Midori Global + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho product: '' cves: cve-2021-4104: @@ -60965,12 +73412,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mikrotik + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs product: '' cves: cve-2021-4104: @@ -60994,12 +73441,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mikrotik.com/viewtopic.php?p=897938 + - https://www.pepperl-fuchs.com/global/en/29079.htm notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Milestone sys + last_updated: '2021-12-21T00:00:00' + - vendor: Percona product: '' cves: cve-2021-4104: @@ -61023,12 +73470,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + - https://www.percona.com/blog/log4jshell-vulnerability-update/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mimecast + - vendor: Pexip product: '' cves: cve-2021-4104: @@ -61052,12 +73499,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Minecraft + - vendor: Phenix Id product: '' cves: cve-2021-4104: @@ -61081,13 +73528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition + - https://support.phenixid.se/uncategorized/log4j-fix/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mirantis - product: '' + - vendor: Philips + product: Multiple products cves: cve-2021-4104: investigated: false @@ -61110,13 +73557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md + - https://www.philips.com/a-w/security/security-advisories.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Miro - product: '' + - vendor: PHOENIX CONTACT + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -61139,13 +73586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://miro.com/trust/updates/log4j/ - notes: '' + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mitel - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware cves: cve-2021-4104: investigated: false @@ -61168,13 +73615,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MMM Group - product: Control software of all MMM series + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products cves: cve-2021-4104: investigated: false @@ -61197,13 +73644,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MMM Group - product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.0 <= version <= 6.3.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral cves: cve-2021-4104: investigated: false @@ -61226,14 +73703,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MongoDB - product: All other components of MongoDB Atlas (including Atlas Database, Data - Lake, Charts) + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate cves: cve-2021-4104: investigated: false @@ -61241,10 +73717,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 8.0 <= version <= 10.3.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.7.2 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61256,13 +73763,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Atlas Search + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence cves: cve-2021-4104: investigated: false @@ -61285,14 +73822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Community Edition (including Community Server, Cloud Manager, - Community Kubernetes Operators) + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' cves: cve-2021-4104: investigated: false @@ -61315,13 +73851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Drivers + - vendor: Planmeca + product: '' cves: cve-2021-4104: investigated: false @@ -61344,14 +73880,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, - Enterprise Kubernetes Operators) + - vendor: Planon Software + product: '' cves: cve-2021-4104: investigated: false @@ -61374,13 +73909,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb - notes: '' + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) + - vendor: Platform.SH + product: '' cves: cve-2021-4104: investigated: false @@ -61403,14 +73939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas - CLI, Database Connectors) + - vendor: Plesk + product: '' cves: cve-2021-4104: investigated: false @@ -61433,12 +73968,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Moodle + - vendor: Plex + product: Plex Industrial IoT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom product: '' cves: cve-2021-4104: @@ -61462,12 +74027,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://moodle.org/mod/forum/discuss.php?d=429966 + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MoogSoft + - vendor: Portainer product: '' cves: cve-2021-4104: @@ -61491,12 +74056,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Motorola Avigilon + - vendor: PortSwigger product: '' cves: cve-2021-4104: @@ -61520,44 +74085,41 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Moxa + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected - by this vulnerability. At the time of publication, none of Moxa's products are - affected. + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Mulesoft + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman product: '' cves: cve-2021-4104: @@ -61581,14 +74143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mulesoft - product: Anypoint Studio + - vendor: Power Admin LLC + product: PA File Sight cves: cve-2021-4104: investigated: false @@ -61597,10 +74158,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -61611,15 +74172,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Cloudhub + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor cves: cve-2021-4104: investigated: false @@ -61627,10 +74186,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -61641,15 +74201,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Agent + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor cves: cve-2021-4104: investigated: false @@ -61658,10 +74216,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -61672,15 +74230,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Runtime + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' cves: cve-2021-4104: investigated: false @@ -61688,10 +74244,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.x - - 4.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61705,13 +74259,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://pretix.eu/about/de/blog/20211213-log4j/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: N-able + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey product: '' cves: cve-2021-4104: @@ -61735,12 +74288,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nagios + - vendor: Progress / IpSwitch product: '' cves: cve-2021-4104: @@ -61764,12 +74317,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ + - https://www.progress.com/security notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NAKIVO + - vendor: ProofPoint product: '' cves: cve-2021-4104: @@ -61793,46 +74346,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 - notes: '' + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: National Instruments - product: OptimalPlus + - vendor: ProSeS + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Vertica - - Cloudera - - Logstash + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact - Technical Support + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Neo4j - product: Neo4j Graph Database + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: '' cves: cve-2021-4104: investigated: false @@ -61840,10 +74390,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '>4.2' - - <4..2.12 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61856,13 +74404,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://prosysopc.com/news/important-security-release/ notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Netapp - product: Multiple NetApp products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: '' cves: cve-2021-4104: investigated: false @@ -61885,12 +74434,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.netapp.com/advisory/ntap-20211210-0007/ + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Netcup + - vendor: PRTG Paessler product: '' cves: cve-2021-4104: @@ -61914,13 +74463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NetGate PFSense - product: '' + - vendor: PTC + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -61928,8 +74477,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.9.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61943,13 +74493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Netwrix - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics cves: cve-2021-4104: investigated: false @@ -61957,10 +74507,49 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61972,13 +74561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: New Relic - product: Containerized Private Minion (CPM) + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' cves: cve-2021-4104: investigated: false @@ -61986,10 +74575,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 3.0.57 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62002,14 +74590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ - notes: New Relic is in the process of revising guidance/documentation, however - the fix version remains sufficient. + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' references: - - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' - last_updated: '2021-12-18T00:00:00' - - vendor: New Relic - product: New Relic Java Agent + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) cves: cve-2021-4104: investigated: false @@ -62017,9 +74604,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <7.4.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62033,14 +74619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ - notes: Initially fixed in 7.4.2, but additional vulnerability found + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), - covers CVE-2021-44228, CVE-2021-45046' - last_updated: '2021-12-20T00:00:00' - - vendor: NextCloud - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -62063,13 +74648,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nextflow - product: Nextflow + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -62077,11 +74662,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 21.04.0.5552 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62093,13 +74677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nextflow.io/docs/latest/index.html + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Nexus Group - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -62122,13 +74706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nice Software (AWS) EnginFRAME - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -62151,13 +74735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.enginframe.com/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NinjaRMM - product: '' + - vendor: Pulse Secure + product: Pulse Connect Secure cves: cve-2021-4104: investigated: false @@ -62180,14 +74764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nomachine - product: '' + - vendor: Pulse Secure + product: Pulse Desktop Client cves: cve-2021-4104: investigated: false @@ -62210,13 +74793,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.nomachine.com/topic/apache-log4j-notification + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NoviFlow - product: '' + - vendor: Pulse Secure + product: Pulse Mobile Client cves: cve-2021-4104: investigated: false @@ -62239,13 +74822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Backlog + - vendor: Pulse Secure + product: Pulse One cves: cve-2021-4104: investigated: false @@ -62253,10 +74836,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62269,13 +74851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Backlog Enterprise (On-premises) + - vendor: Pulse Secure + product: Pulse Policy Secure cves: cve-2021-4104: investigated: false @@ -62283,10 +74865,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 1.11.7 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62299,13 +74880,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Cacoo + - vendor: Pulse Secure + product: Pulse Secure Services Director cves: cve-2021-4104: investigated: false @@ -62313,10 +74894,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62329,13 +74909,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Cacoo Enterprise (On-premises) + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager cves: cve-2021-4104: investigated: false @@ -62343,10 +74923,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 4.0.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62359,13 +74938,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Typetalk + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall cves: cve-2021-4104: investigated: false @@ -62373,10 +74952,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62389,13 +74967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nutanix - product: AHV + - vendor: Pulse Secure + product: Pulse ZTA cves: cve-2021-4104: investigated: false @@ -62403,11 +74981,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62419,13 +74996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: '' cves: cve-2021-4104: investigated: false @@ -62433,12 +75010,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - LTS (including Prism Element) - - Community Edition + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62450,13 +75025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: '' cves: cve-2021-4104: investigated: false @@ -62464,10 +75039,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - STS (including Prism Element) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62480,13 +75054,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 6.0.2.4, available on the Portal for download. + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Beam + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore cves: cve-2021-4104: investigated: false @@ -62494,10 +75069,45 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - CBS6.1.x + - CBS6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62509,13 +75119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: BeamGov + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: FlashBlade cves: cve-2021-4104: investigated: false @@ -62523,10 +75133,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.8.0+ + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62538,13 +75181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 cves: cve-2021-4104: investigated: false @@ -62554,9 +75197,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62568,13 +75211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm Tunnel VM + last_updated: '2021-12-15T00:00:00' + - vendor: Pyramid Analytics + product: '' cves: cve-2021-4104: investigated: false @@ -62582,11 +75225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62598,13 +75240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qconference + product: FaceTalk cves: cve-2021-4104: investigated: false @@ -62614,9 +75256,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62628,13 +75270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector Portal + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: QF-Test + product: All cves: cve-2021-4104: investigated: false @@ -62657,13 +75299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Data Lens + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC cves: cve-2021-4104: investigated: false @@ -62671,10 +75313,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -62686,13 +75329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Era + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility cves: cve-2021-4104: investigated: false @@ -62716,13 +75359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: File Analytics + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML cves: cve-2021-4104: investigated: false @@ -62731,12 +75374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.x - - 2.2.x - - 3.0+ + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -62748,14 +75389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigated in version 3.0.1 which is available on the Portal for download. - Mitigation is available [here](https://portal.nutanix.com/kb/12499) + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Files + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr cves: cve-2021-4104: investigated: false @@ -62779,13 +75419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL cves: cve-2021-4104: investigated: false @@ -62795,9 +75435,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '6.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62809,13 +75449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow Security Cental + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW cves: cve-2021-4104: investigated: false @@ -62823,9 +75463,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -62838,13 +75481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Foundation + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog cves: cve-2021-4104: investigated: false @@ -62854,9 +75497,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62868,13 +75517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Frame + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose cves: cve-2021-4104: investigated: false @@ -62882,9 +75531,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -62897,13 +75549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FrameGov + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes cves: cve-2021-4104: investigated: false @@ -62911,10 +75563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6.6' cve-2021-45046: investigated: false affected_versions: [] @@ -62926,13 +75579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FSCVM + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses cves: cve-2021-4104: investigated: false @@ -62944,7 +75597,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '6.6' + - 6.6.1 + - '7.0' cve-2021-45046: investigated: false affected_versions: [] @@ -62956,13 +75611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Insights + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus cves: cve-2021-4104: investigated: false @@ -62970,9 +75625,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -62985,13 +75645,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server cves: cve-2021-4104: investigated: false @@ -63000,9 +75660,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -63015,13 +75677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon Platform Service + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph cves: cve-2021-4104: investigated: false @@ -63029,10 +75691,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63044,13 +75707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: LCM + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting cves: cve-2021-4104: investigated: false @@ -63074,13 +75737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Leap + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package cves: cve-2021-4104: investigated: false @@ -63088,10 +75751,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63103,13 +75800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Mine + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting cves: cve-2021-4104: investigated: false @@ -63118,10 +75815,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after cve-2021-45046: investigated: false affected_versions: [] @@ -63133,13 +75860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Move + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer cves: cve-2021-4104: investigated: false @@ -63151,7 +75878,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63163,13 +75890,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: MSP + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager cves: cve-2021-4104: investigated: false @@ -63178,9 +75905,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -63193,13 +75923,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NCC + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts cves: cve-2021-4104: investigated: false @@ -63211,7 +75941,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63223,13 +75953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NGT + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC cves: cve-2021-4104: investigated: false @@ -63253,13 +75983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Objects + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business cves: cve-2021-4104: investigated: false @@ -63268,10 +75998,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63283,13 +76013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Prism Central + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise cves: cve-2021-4104: investigated: false @@ -63299,9 +76029,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63313,13 +76043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 2021-9.0.3, available on the Portal for download. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Sizer + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS cves: cve-2021-4104: investigated: false @@ -63327,10 +76057,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63342,13 +76073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Volumes + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View cves: cve-2021-4104: investigated: false @@ -63372,13 +76103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Witness VM + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors cves: cve-2021-4104: investigated: false @@ -63387,10 +76118,43 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63402,13 +76166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: X-Ray + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors cves: cve-2021-4104: investigated: false @@ -63432,13 +76196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nvidia - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors cves: cve-2021-4104: investigated: false @@ -63446,10 +76210,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -63461,13 +76226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 - notes: '' + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NXLog - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -63475,10 +76240,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.4+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: Update to v. 2.8.2 which contains log4j 2.16 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Appointment Booking + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud/Managed Service + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63490,13 +76286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Objectif Lune - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Insights cves: cve-2021-4104: investigated: false @@ -63504,10 +76300,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-16 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Orchestra Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -63519,13 +76346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OCLC - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: QNAP + product: QES Operating System cves: cve-2021-4104: investigated: false @@ -63533,10 +76360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63548,13 +76376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://oclc.service-now.com/status + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Octopus - product: '' + - vendor: QNAP + product: Qsirch cves: cve-2021-4104: investigated: false @@ -63562,10 +76390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63577,13 +76406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://advisories.octopus.com/adv/December.2306508680.html + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Okta - product: Advanced Server Access + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -63591,10 +76420,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63606,13 +76436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Access Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System cves: cve-2021-4104: investigated: false @@ -63620,10 +76450,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63635,13 +76466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta AD Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOPPA + product: All cves: cve-2021-4104: investigated: false @@ -63664,13 +76495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Browser Plugin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java cves: cve-2021-4104: investigated: false @@ -63693,13 +76524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.slf4j.org/log4shell.html notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta IWA Web Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QSC Q-SYS + product: All cves: cve-2021-4104: investigated: false @@ -63722,13 +76553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta LDAP Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QT + product: All cves: cve-2021-4104: investigated: false @@ -63751,13 +76582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -63768,7 +76599,8 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5.9' cve-2021-45046: investigated: false affected_versions: [] @@ -63780,13 +76612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta On-Prem MFA Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -63795,9 +76627,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.4.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -63810,13 +76642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta RADIUS Server Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA cves: cve-2021-4104: investigated: false @@ -63825,10 +76657,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.17.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63840,13 +76672,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Verify + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: R + product: R cves: cve-2021-4104: investigated: false @@ -63854,10 +76686,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 4.1.1 cve-2021-45046: investigated: false affected_versions: [] @@ -63869,13 +76702,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.r-project.org/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Workflows + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' cves: cve-2021-4104: investigated: false @@ -63898,12 +76731,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Onespan + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware product: '' cves: cve-2021-4104: @@ -63927,13 +76760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 + - https://support.radware.com/app/answers/answer_view/a_id/1029752 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Opengear - product: '' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit cves: cve-2021-4104: investigated: false @@ -63941,10 +76774,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -63956,13 +76790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenMRS TALK - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise cves: cve-2021-4104: investigated: false @@ -63970,10 +76804,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -63985,13 +76820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenNMS - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro cves: cve-2021-4104: investigated: false @@ -63999,10 +76834,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64014,13 +76850,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenSearch - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent cves: cve-2021-4104: investigated: false @@ -64028,10 +76864,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64043,13 +76880,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenText - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -64057,10 +76894,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64072,13 +76910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opentext.com/support/log4j-remote-code-execution-advisory + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -64087,11 +76925,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64103,13 +76940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud cves: cve-2021-4104: investigated: false @@ -64118,11 +76955,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64134,13 +76970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator cves: cve-2021-4104: investigated: false @@ -64149,11 +76985,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g - unaffected_versions: [] + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64165,13 +77000,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor cves: cve-2021-4104: investigated: false @@ -64180,11 +77015,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.3.2 - fixed_versions: - - 3.3.2 - unaffected_versions: [] + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64196,13 +77030,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Oracle - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources cves: cve-2021-4104: investigated: false @@ -64210,10 +77044,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64225,14 +77060,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Enterprise Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub cves: cve-2021-4104: investigated: false @@ -64242,8 +77076,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '13.5' - - 13.4 & 13.3.2 + - InsightOps DataHub <= 2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64257,15 +77090,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Exadata + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries cves: cve-2021-4104: investigated: false @@ -64274,10 +77106,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <21.3.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64289,15 +77121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Orgavision - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library cves: cve-2021-4104: investigated: false @@ -64305,8 +77135,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.0.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64320,13 +77151,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PAM + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor cves: cve-2021-4104: investigated: false @@ -64334,10 +77165,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64349,13 +77181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PEM + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose cves: cve-2021-4104: investigated: false @@ -64363,10 +77195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64378,13 +77211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PPA + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console cves: cve-2021-4104: investigated: false @@ -64392,10 +77225,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64407,13 +77241,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OTRS - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine cves: cve-2021-4104: investigated: false @@ -64421,10 +77257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64436,13 +77273,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.otrs.com/external - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OVHCloud - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance cves: cve-2021-4104: investigated: false @@ -64450,10 +77289,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64465,13 +77305,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OwnCloud - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub cves: cve-2021-4104: investigated: false @@ -64479,8 +77319,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64494,13 +77335,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 - notes: '' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OxygenXML - product: Author + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library cves: cve-2021-4104: investigated: false @@ -64508,8 +77352,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64522,13 +77367,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Developer + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework cves: cve-2021-4104: investigated: false @@ -64536,10 +77382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64550,13 +77397,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Editor + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro cves: cve-2021-4104: investigated: false @@ -64564,10 +77412,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64578,13 +77427,16 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Content Fusion + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent cves: cve-2021-4104: investigated: false @@ -64593,12 +77445,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '2.0' - - '3.0' - - '4.1' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64609,13 +77459,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Feedback Enterprise + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor cves: cve-2021-4104: investigated: false @@ -64624,10 +77475,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.4.4 & older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -64638,13 +77489,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen License Server + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' cves: cve-2021-4104: investigated: false @@ -64652,9 +77504,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 to v24.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64667,13 +77518,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.raritan.com/support + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen PDF Chemistry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' cves: cve-2021-4104: investigated: false @@ -64681,12 +77533,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 - - '23.0' - - '23.1' - - '24.0' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64699,13 +77547,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger cves: cve-2021-4104: investigated: false @@ -64727,13 +77576,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Plugins (see advisory link) + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console cves: cve-2021-4104: investigated: false @@ -64755,13 +77605,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Publishing Engine + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console cves: cve-2021-4104: investigated: false @@ -64783,13 +77634,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Web Author + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator cves: cve-2021-4104: investigated: false @@ -64811,13 +77663,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: WebHelp + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server cves: cve-2021-4104: investigated: false @@ -64839,13 +77692,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PagerDuty - product: PagerDuty SaaS + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -64853,8 +77707,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64868,16 +77726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability - notes: We currently see no evidence of compromises on our platform. Our teams - continue to monitor for new developments and for impacts on sub-processors and - dependent systems. PagerDuty SaaS customers do not need to take any additional - action for their PagerDuty SaaS environment + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Palantir - product: Palantir AI Inference Platform (AIP) + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -64886,9 +77741,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64901,14 +77756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: Fully remediated as of 1.97.0. Disconnected customer instances may require - manual updates. + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Apollo + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor cves: cve-2021-4104: investigated: false @@ -64916,11 +77770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -64932,13 +77785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact, and updates have been deployed for full remediation. + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Foundry + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core cves: cve-2021-4104: investigated: false @@ -64946,10 +77799,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64962,15 +77814,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact to Palantir-hosted or Apollo-connected instances, and updates - have been deployed for full remediation. Disconnected customer instances may - require manual updates. + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Gotham + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K cves: cve-2021-4104: investigated: false @@ -64978,10 +77828,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64994,15 +77843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact to Palantir-hosted or Apollo-connected instances, and updates - have been deployed for full remediation. Disconnected customer instances may - require manual updates. + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palo-Alto Networks - product: Bridgecrew + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus cves: cve-2021-4104: investigated: false @@ -65025,13 +77872,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: CloudGenix + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio cves: cve-2021-4104: investigated: false @@ -65039,9 +77886,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 12.21.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -65054,13 +77902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex Data Lake + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid cves: cve-2021-4104: investigated: false @@ -65068,9 +77916,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -65083,13 +77932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex XDR Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager cves: cve-2021-4104: investigated: false @@ -65097,10 +77946,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -65112,13 +77962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex Xpanse + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -65126,10 +77976,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -65141,13 +77992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex XSOAR + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -65155,10 +78006,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -65170,13 +78022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Expedition + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -65184,10 +78036,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8' cve-2021-45046: investigated: false affected_versions: [] @@ -65199,13 +78052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: GlobalProtect App + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus cves: cve-2021-4104: investigated: false @@ -65228,13 +78081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: IoT Security + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming cves: cve-2021-4104: investigated: false @@ -65257,13 +78110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Okyo Grade + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform cves: cve-2021-4104: investigated: false @@ -65271,9 +78124,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -65286,13 +78140,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Palo-Alto Networks-OS for Firewall and Wildfire + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack cves: cve-2021-4104: investigated: false @@ -65300,10 +78156,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -65315,13 +78172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Palo-Alto Networks-OS for Panorama + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse cves: cve-2021-4104: investigated: false @@ -65330,11 +78187,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.0' - - '9.1' - - '10.0' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -65347,15 +78202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' references: - - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will - be updated when hot fixes for the affected Panorama versions are available. - PAN-OS for Panorama versions 8.1, 10.1 are not affected. - last_updated: '2021-12-15T00:00:00' - - vendor: Palo-Alto Networks - product: Prisma Access + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation cves: cve-2021-4104: investigated: false @@ -65363,9 +78216,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -65378,13 +78232,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Prisma Cloud + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On cves: cve-2021-4104: investigated: false @@ -65392,10 +78248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -65407,13 +78264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Prisma Cloud Compute + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X cves: cve-2021-4104: investigated: false @@ -65421,9 +78278,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -65436,13 +78294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: SaaS Security + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 cves: cve-2021-4104: investigated: false @@ -65465,13 +78323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: User-ID Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk cves: cve-2021-4104: investigated: false @@ -65494,13 +78352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: WildFire Appliance + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 cves: cve-2021-4104: investigated: false @@ -65523,13 +78381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: WildFire Cloud + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 cves: cve-2021-4104: investigated: false @@ -65552,552 +78410,539 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Panasonic - product: KX-HDV100 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV130 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV230 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV330 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV340 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV430 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV800 + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP500 + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP550 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP600 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP700 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UDS124 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT113 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT123 + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.resmed.com/en-us/security/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT133 + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT136 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT248 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.ricoh.com/info/2021/1215_1/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT670 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://www.ringcentral.com/trust-center/security-bulletin.html notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panopto + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed product: '' cves: cve-2021-4104: @@ -66121,13 +78966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PaperCut - product: PaperCut MF + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML cves: cve-2021-4104: investigated: false @@ -66137,7 +78982,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 21.0 and later + - 4.00.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66151,15 +78996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: PaperCut - product: PaperCut NG + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView cves: cve-2021-4104: investigated: false @@ -66169,7 +79012,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 21.0 and later + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66183,15 +79026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Parallels - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center cves: cve-2021-4104: investigated: false @@ -66199,9 +79040,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -66214,13 +79059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.parallels.com/en/128696 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Parse.ly - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG cves: cve-2021-4104: investigated: false @@ -66228,8 +79073,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66243,13 +79089,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.parse.ly/parse-ly-log4shell/ - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PBXMonitor - product: RMM for 3CX PBX + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual cves: cve-2021-4104: investigated: false @@ -66257,9 +79104,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Series A unaffected_versions: [] cve-2021-45046: investigated: false @@ -66272,14 +79120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pbxmonitor.net/changelog.php - notes: Mirror Servers were also checked to ensure Log4J was not installed or being - used by any of our systems. + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Pega - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management cves: cve-2021-4104: investigated: false @@ -66287,8 +79134,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66302,12 +79153,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pentaho + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar product: '' cves: cve-2021-4104: @@ -66331,12 +79182,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pepperl+Fuchs + - vendor: Rosette.com product: '' cves: cve-2021-4104: @@ -66360,13 +79211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pepperl-fuchs.com/global/en/29079.htm + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Percona - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager cves: cve-2021-4104: investigated: false @@ -66388,14 +79239,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.percona.com/blog/log4jshell-vulnerability-update/ + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pexip - product: '' + - vendor: RSA + product: SecurID Authentication Manager Prime cves: cve-2021-4104: investigated: false @@ -66417,14 +79267,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Phenix Id - product: '' + - vendor: RSA + product: SecurID Authentication Manager WebTier cves: cve-2021-4104: investigated: false @@ -66446,14 +79295,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.phenixid.se/uncategorized/log4j-fix/ + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Philips - product: Multiple products + - vendor: RSA + product: SecurID Governance and Lifecycle cves: cve-2021-4104: investigated: false @@ -66475,14 +79323,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.philips.com/a-w/security/security-advisories.html + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PHOENIX CONTACT - product: Cloud Services + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud cves: cve-2021-4104: investigated: false @@ -66504,14 +79351,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: Partly affected. Remediations are being implemented. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Physical products containing firmware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router cves: cve-2021-4104: investigated: false @@ -66533,14 +79379,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Software Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' cves: cve-2021-4104: investigated: false @@ -66563,13 +79408,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Ping Identity - product: PingAccess + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi cves: cve-2021-4104: investigated: false @@ -66578,10 +79423,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0 <= version <= 6.3.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '0.13' cve-2021-45046: investigated: false affected_versions: [] @@ -66593,13 +79438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://github.com/rstudio/rstudioapi notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingCentral + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' cves: cve-2021-4104: investigated: false @@ -66622,13 +79467,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 - notes: '' + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) cves: cve-2021-4104: investigated: false @@ -66638,7 +79484,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0 <= version <= 10.3.4 + - 5.1 to 6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66652,13 +79498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://support.ruckuswireless.com/security_bulletins/313 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate Java Integration Kit + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' cves: cve-2021-4104: investigated: false @@ -66666,9 +79512,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.7.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66682,13 +79527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://docs.rundeck.com/docs/history/CVEs/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate OAuth Playground + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Runecast + product: Runecast Analyzer cves: cve-2021-4104: investigated: false @@ -66697,9 +79542,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 6.0.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -66712,13 +79557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.runecast.com/release-notes notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingIntelligence + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAE-IT + product: '' cves: cve-2021-4104: investigated: false @@ -66741,12 +79586,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pitney Bowes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAFE FME Server product: '' cves: cve-2021-4104: @@ -66770,12 +79615,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planmeca + - vendor: SAGE product: '' cves: cve-2021-4104: @@ -66799,12 +79644,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planon Software + - vendor: SailPoint product: '' cves: cve-2021-4104: @@ -66828,14 +79673,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ - notes: This advisory is available for customers only and has not been reviewed + - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 + notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Platform.SH - product: '' + - vendor: Salesforce + product: Analytics Cloud cves: cve-2021-4104: investigated: false @@ -66843,14 +79688,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -66858,13 +79705,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plesk - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: B2C Commerce Cloud cves: cve-2021-4104: investigated: false @@ -66872,14 +79721,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -66887,13 +79738,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plex - product: Plex Industrial IoT + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (As-a-Service) cves: cve-2021-4104: investigated: false @@ -66901,14 +79754,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -66916,14 +79771,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Polycom - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (On-Premise) cves: cve-2021-4104: investigated: false @@ -66931,14 +79787,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -66946,13 +79804,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Portainer - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Data.com cves: cve-2021-4104: investigated: false @@ -66960,14 +79821,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -66975,13 +79838,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PortSwigger - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: DataLoader cves: cve-2021-4104: investigated: false @@ -66989,14 +79854,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false @@ -67004,13 +79871,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 - notes: '' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PostGreSQL - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Datorama cves: cve-2021-4104: investigated: false @@ -67018,14 +79887,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67033,13 +79904,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Postman - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -67047,28 +79920,65 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45046: + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Experience (Community) Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Power Admin LLC - product: PA File Sight + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Force.com cves: cve-2021-4104: investigated: false @@ -67078,26 +79988,33 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - NONE + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Server Monitor + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Heroku cves: cve-2021-4104: investigated: false @@ -67109,24 +80026,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Storage Monitor + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Marketing Cloud cves: cve-2021-4104: investigated: false @@ -67136,26 +80056,31 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - NONE + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Pretix - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (Cloud) cves: cve-2021-4104: investigated: false @@ -67163,14 +80088,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67178,13 +80105,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pretix.eu/about/de/blog/20211213-log4j/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PrimeKey - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (On-Premise) cves: cve-2021-4104: investigated: false @@ -67192,14 +80122,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67207,13 +80139,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Progress / IpSwitch - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Pardot cves: cve-2021-4104: investigated: false @@ -67221,14 +80157,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67236,13 +80174,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.progress.com/security - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProofPoint - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Sales Cloud cves: cve-2021-4104: investigated: false @@ -67250,14 +80190,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67265,14 +80207,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProSeS - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Service Cloud cves: cve-2021-4104: investigated: false @@ -67280,14 +80223,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67295,13 +80240,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Prosys - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Slack cves: cve-2021-4104: investigated: false @@ -67309,14 +80256,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67324,13 +80273,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://prosysopc.com/news/important-security-release/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Proxmox - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Social Studio cves: cve-2021-4104: investigated: false @@ -67338,14 +80290,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67353,13 +80307,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PRTG Paessler - product: '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Tableau (On-Premise) cves: cve-2021-4104: investigated: false @@ -67367,9 +80323,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 2021.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -67382,13 +80339,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 - notes: '' + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PTC - product: Axeda Platform + last_updated: '2021-12-16T00:00:00' + - vendor: Salesforce + product: Tableau (Online) cves: cve-2021-4104: investigated: false @@ -67397,14 +80357,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.9.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -67412,13 +80373,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358990 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Analytics + last_updated: '2022-01-26T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -67427,32 +80390,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Platform + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -67461,32 +80421,29 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTV Group - product: '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -67494,28 +80451,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Connect Secure (ICS) + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -67523,28 +80482,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -67552,28 +80513,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -67581,28 +80544,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -67610,14 +80575,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -67625,13 +80592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) cves: cve-2021-4104: investigated: false @@ -67639,28 +80606,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Connect Secure + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -67668,28 +80637,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Desktop Client + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -67697,14 +80668,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -67712,13 +80685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Mobile Client + last_updated: '2022-01-17T00:00:00' + - vendor: Sangoma + product: '' cves: cve-2021-4104: investigated: false @@ -67741,13 +80714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://help.sangoma.com/community/s/article/Log4Shell notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse One + - vendor: SAP + product: '' cves: cve-2021-4104: investigated: false @@ -67770,13 +80743,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Policy Secure + last_updated: '2021-12-17T00:00:00' + - vendor: SAP Advanced Platform + product: '' cves: cve-2021-4104: investigated: false @@ -67799,13 +80773,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://launchpad.support.sap.com/#/notes/3130698 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Services Director + last_updated: '2021-12-17T00:00:00' + - vendor: SAP BusinessObjects + product: '' cves: cve-2021-4104: investigated: false @@ -67828,13 +80803,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Virtual Traffic Manager + last_updated: '2021-12-17T00:00:00' + - vendor: SAS + product: '' cves: cve-2021-4104: investigated: false @@ -67857,13 +80833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Web Application Firewall + - vendor: SASSAFRAS + product: '' cves: cve-2021-4104: investigated: false @@ -67886,13 +80862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse ZTA + - vendor: Savignano software solutions + product: '' cves: cve-2021-4104: investigated: false @@ -67915,13 +80891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Puppet - product: '' + - vendor: SBT + product: SBT cves: cve-2021-4104: investigated: false @@ -67929,8 +80905,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <1.5.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67944,12 +80921,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + - https://github.com/sbt/sbt/releases/tag/v1.5.7 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage + last_updated: '2021-12-15T00:00:00' + - vendor: ScaleComputing product: '' cves: cve-2021-4104: @@ -67973,14 +80950,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) - notes: This advisory is available for customers only and has not been reviewed + - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability + notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: Cloud Blockstore + - vendor: ScaleFusion MobileLock Pro + product: '' cves: cve-2021-4104: investigated: false @@ -67988,10 +80965,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - CBS6.1.x - - CBS6.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68005,13 +80980,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/27/2021 + - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: Flash Array + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Schneider Electric + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -68021,10 +80996,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.3.x - - 6.0.x - - 6.1.x - - 6.2.x + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68038,13 +81010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/20/2021 + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: FlashBlade + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -68054,9 +81026,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.x - - 3.2.x - - 3.3.x + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68070,13 +81040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/24/2021 + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: PortWorx + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -68085,9 +81055,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.8.0+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -68099,14 +81069,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: Pure1 + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -68117,7 +81086,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - N/A + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -68130,13 +81099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pyramid Analytics - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -68144,8 +81113,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68159,13 +81129,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QF-Test - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -68173,9 +81143,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -68188,13 +81159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Qlik - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: MSE cves: cve-2021-4104: investigated: false @@ -68202,8 +81173,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68217,13 +81189,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -68233,7 +81205,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.4+ + - Software versions 5.0 through 5.3.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68247,13 +81219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NEW630 cves: cve-2021-4104: investigated: false @@ -68263,7 +81235,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Cloud/Managed Service + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68277,13 +81249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Insights + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -68293,7 +81265,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Cloud + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68307,13 +81279,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-16 + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-Docgen cves: cve-2021-4104: investigated: false @@ -68322,10 +81294,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68337,13 +81309,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QNAP - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -68351,8 +81323,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68366,13 +81339,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QOPPA - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -68380,8 +81353,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68395,13 +81369,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QSC Q-SYS - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -68409,8 +81383,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68424,13 +81399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QT - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -68438,8 +81413,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68453,13 +81429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -68467,10 +81443,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-API + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68482,13 +81489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: R - product: R + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -68497,10 +81504,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - 4.1.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68512,13 +81519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.r-project.org/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: R2ediviewer - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -68526,8 +81533,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68541,13 +81549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Radware - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -68555,8 +81563,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68570,13 +81579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.radware.com/app/answers/answer_view/a_id/1029752 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rapid7 - product: AlcidekArt, kAdvisor, and kAudit + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEditor cves: cve-2021-4104: investigated: false @@ -68585,10 +81594,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68600,13 +81609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: AppSpider Enterprise + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -68615,10 +81624,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68630,13 +81639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: AppSpider Pro + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -68646,9 +81655,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - on-prem + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68659,14 +81668,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Insight Agent + last_updated: '2021-12-20T00:00:00' + - vendor: Schweitzer Engineering Laboratories + product: '' cves: cve-2021-4104: investigated: false @@ -68674,11 +81682,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68690,13 +81697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://selinc.com/support/security-notifications/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightAppSec Scan Engine + last_updated: '2021-12-21T00:00:00' + - vendor: SCM Manager + product: '' cves: cve-2021-4104: investigated: false @@ -68704,11 +81711,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68720,13 +81726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightAppSec Scan Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScreenBeam + product: '' cves: cve-2021-4104: investigated: false @@ -68734,11 +81740,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68750,13 +81755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightCloudSec/DivvyCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SDL worldServer + product: '' cves: cve-2021-4104: investigated: false @@ -68764,11 +81769,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68780,13 +81784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightConnect Orchestrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Seagull Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -68794,11 +81798,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68810,13 +81813,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightIDR Network Sensor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SecurePoint + product: '' cves: cve-2021-4104: investigated: false @@ -68824,11 +81827,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68840,13 +81842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightIDR/InsightOps Collector & Event Sources + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Security Onion + product: '' cves: cve-2021-4104: investigated: false @@ -68854,11 +81856,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68870,13 +81871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps DataHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Securonix + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -68886,7 +81887,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - InsightOps DataHub <= 2.0 + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68900,14 +81901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) - using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps non-Java logging libraries + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Next Gen SIEM cves: cve-2021-4104: investigated: false @@ -68916,10 +81916,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68931,13 +81931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps r7insight_java logging library + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -68947,7 +81947,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <=3.0.8 + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68961,13 +81961,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM Kubernetes Monitor + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -68975,11 +81975,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68991,13 +81990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -69006,10 +82005,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69021,13 +82020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose Console + last_updated: '2021-12-10T00:00:00' + - vendor: Seeburger + product: '' cves: cve-2021-4104: investigated: false @@ -69035,11 +82034,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69051,15 +82049,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” - packaged in them. This is a different library than log4j-core and is not vulnerable - to Log4Shell. + - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SentinelOne + product: '' cves: cve-2021-4104: investigated: false @@ -69067,11 +82064,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69083,15 +82079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” - packaged in them. This is a different library than log4j-core and is not vulnerable - to Log4Shell. + - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: IntSights virtual appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sentry + product: '' cves: cve-2021-4104: investigated: false @@ -69099,11 +82093,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69115,13 +82108,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Logentries DataHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SEP + product: '' cves: cve-2021-4104: investigated: false @@ -69129,9 +82122,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69145,16 +82137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). - Windows: Run version 1.2.0.822 in a Docker container or as a Java command per - these [instructions](https://docs.logentries.com/docs/datahub-windows). You - can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Logentries le_java logging library + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Server Eye + product: '' cves: cve-2021-4104: investigated: false @@ -69162,9 +82151,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'All versions: this is a deprecated component' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69178,13 +82166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Metasploit Framework + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceNow + product: '' cves: cve-2021-4104: investigated: false @@ -69192,11 +82180,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69208,13 +82195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Metasploit Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: '' cves: cve-2021-4104: investigated: false @@ -69222,11 +82209,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69238,15 +82224,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Metasploit Pro ships with log4j but has specific configurations applied - to it that mitigate Log4Shell. A future update will contain a fully patched - version of log4j. + - http://shibboleth.net/pipermail/announce/2021-December/000253.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: tCell Java Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: All Products cves: cve-2021-4104: investigated: false @@ -69258,7 +82242,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - Identity Provider>=3.0 + - All other software versions cve-2021-45046: investigated: false affected_versions: [] @@ -69270,13 +82255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://shibboleth.net/pipermail/announce/2021-December/000253.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Velociraptor + last_updated: '2021-12-10T00:00:00' + - vendor: Shopify + product: '' cves: cve-2021-4104: investigated: false @@ -69284,11 +82269,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69300,12 +82284,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Raritan + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siebel product: '' cves: cve-2021-4104: @@ -69329,13 +82313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.raritan.com/support + - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ravelin - product: '' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -69358,13 +82342,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Real-Time Innovations (RTI) - product: Distributed Logger + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -69387,13 +82372,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: Recording Console + last_updated: '2021-12-19T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -69416,13 +82402,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Administration Console + last_updated: '2021-12-21T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -69445,13 +82432,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Code Generator + last_updated: '2021-12-20T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -69474,13 +82462,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Code Generator Server + - vendor: Siemens Healthineers + product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 cves: cve-2021-4104: investigated: false @@ -69503,13 +82492,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your Atellica Data Manager has a “Java communication + engine” service, and you require an immediate mitigation, then please contact + your Siemens Customer Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Micro Application Generator (MAG) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: CENTRALINK v16.0.2 / v16.0.3 cves: cve-2021-4104: investigated: false @@ -69517,12 +82508,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - as part of RTI Connext Micro 3.0.0 - - 3.0.1 - - 3.0.2 - - 3.0.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69536,13 +82523,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your CentraLink has a “Java communication engine” + service, and you require a mitigation, then please contact your Siemens Customer + Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Micro Application Generator (MAG) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -69550,9 +82539,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - as part of RTI Connext Professional 6.0.0 and 6.0.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69566,13 +82554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Monitor + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -69595,13 +82583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Red Hat - product: log4j-core + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -69624,13 +82612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Integration Camel K + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.All, Som10 VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -69653,13 +82641,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat build of Quarkus + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Fit, Som10 VA30 cves: cve-2021-4104: investigated: false @@ -69682,13 +82671,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat CodeReady Studio + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -69696,10 +82686,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 12.21.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69712,13 +82701,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Data Grid + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Open Pro, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -69726,10 +82716,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '8' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69742,13 +82731,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Decision Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Sim, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -69756,11 +82746,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69772,13 +82761,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -69786,11 +82776,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69802,13 +82791,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -69816,11 +82806,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69832,13 +82821,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA + 3T NUMARIS/X VA30A cves: cve-2021-4104: investigated: false @@ -69846,11 +82837,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '8' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69862,13 +82852,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Integration Camel Quarkus + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Altea NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -69891,13 +82883,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss A-MQ Streaming + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X + VA31A cves: cve-2021-4104: investigated: false @@ -69920,13 +82915,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Enterprise Application Platform + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Amira NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -69934,10 +82931,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69950,15 +82946,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ - \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ - \ affected." + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Enterprise Application Platform Expansion Pack + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Free.Max NUMARIS/X VA40 cves: cve-2021-4104: investigated: false @@ -69966,11 +82962,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69982,13 +82977,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Fuse + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Lumina NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -69996,10 +82993,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70012,13 +83008,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Process Automation + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sempra NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -70026,10 +83024,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70042,15 +83039,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ - \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ - \ affected." + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Single Sign-On + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -70058,11 +83055,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70074,13 +83070,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Vert.X + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -70088,10 +83086,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '4' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70104,13 +83101,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Satellite 5 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -70133,13 +83132,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Spacewalk + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A cves: cve-2021-4104: investigated: false @@ -70162,13 +83163,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 3.11 - product: openshift3/ose-logging-elasticsearch5 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -70191,13 +83194,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-logging-elasticsearch6 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -70220,14 +83223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-metering-hive + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -70250,14 +83252,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-metering-presto + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -70280,14 +83281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Logging - product: logging-elasticsearch6-container + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -70310,14 +83310,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenStack Platform 13 (Queens) - product: opendaylight + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -70340,13 +83340,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: End of Life + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-java-common-log4j + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -70369,13 +83370,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-maven35-log4j12 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -70398,13 +83402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-maven36-log4j12 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via WebViewer VA13B / VA20A / VA20B cves: cve-2021-4104: investigated: false @@ -70427,13 +83431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red5Pro - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Ceed Somaris 10 VA40* cves: cve-2021-4104: investigated: false @@ -70456,13 +83460,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RedGate - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Cite Somaris 10 VA30*/VA40* cves: cve-2021-4104: investigated: false @@ -70485,12 +83490,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Redis + last_updated: '2021-12-22T00:00:00' + - vendor: Sierra Wireless product: '' cves: cve-2021-4104: @@ -70514,13 +83520,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Reiner SCT - product: '' + - vendor: Sierra Wireless + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -70543,13 +83549,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 - notes: '' + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ReportURI - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Sierra Wireless + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -70572,13 +83579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ResMed - product: AirView + last_updated: '2022-01-05T00:00:00' + - vendor: Signald + product: '' cves: cve-2021-4104: investigated: false @@ -70601,13 +83608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.resmed.com/en-us/security/ + - https://gitlab.com/signald/signald/-/issues/259 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: ResMed - product: myAir + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Silver Peak + product: Orchestrator, Silver Peak GMS cves: cve-2021-4104: investigated: false @@ -70630,12 +83637,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.resmed.com/en-us/security/ - notes: '' + - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf + notes: Customer managed Orchestrator and legacy GMS products are affected by this + vulnerability. This includes on-premise and customer managed instances running + in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective + Action Required for details about how to mitigate this exploit. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Respondus + last_updated: '2021-12-14T00:00:00' + - vendor: SingleWire product: '' cves: cve-2021-4104: @@ -70659,13 +83669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Revenera / Flexera + - vendor: SISCO product: '' cves: cve-2021-4104: @@ -70689,12 +83699,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + - https://sisconet.com/sisco-news/log4j/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ricoh + last_updated: '2022-01-05T00:00:00' + - vendor: Sitecore product: '' cves: cve-2021-4104: @@ -70718,12 +83728,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ricoh.com/info/2021/1215_1/ + - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RingCentral + - vendor: Skillable product: '' cves: cve-2021-4104: @@ -70747,12 +83757,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ringcentral.com/trust-center/security-bulletin.html + - https://skillable.com/log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Riverbed + - vendor: SLF4J product: '' cves: cve-2021-4104: @@ -70776,13 +83786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + - http://slf4j.org/log4shell.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rockwell Automation - product: FactoryTalk Analytics DataFlowML + - vendor: Slurm + product: Slurm cves: cve-2021-4104: investigated: false @@ -70791,8 +83801,37 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.00.00 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 20.11.8 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://slurm.schedmd.com/documentation.html + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: SMA Solar Technology AG + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70806,13 +83845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: FactoryTalk Analytics DataView + last_updated: '2022-01-05T00:00:00' + - vendor: SmartBear + product: '' cves: cve-2021-4104: investigated: false @@ -70820,9 +83859,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.03.00 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70836,13 +83874,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://smartbear.com/security/cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: Industrial Data Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SmileCDR + product: '' cves: cve-2021-4104: investigated: false @@ -70850,13 +83888,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Gen 1 - - Gen 2 - - Gen 3 - - Gen 3.5 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70869,13 +83903,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: MES EIG + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -70883,11 +83917,40 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.03.00 + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -70899,14 +83962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: Customers should upgrade to EIG Hub if possible or work with their local - representatives about alternative solutions. + - https://snakemake.readthedocs.io/en/stable/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: VersaVirtual + last_updated: '2021-12-21T00:00:00' + - vendor: Snow Software + product: Snow Commander cves: cve-2021-4104: investigated: false @@ -70917,7 +83979,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Series A + - 8.1 to 8.10.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -70930,13 +83992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: Warehouse Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snow Software + product: VM Access Proxy cves: cve-2021-4104: investigated: false @@ -70945,12 +84007,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.01.00 - - 4.02.00 - - 4.02.01 - - 4.02.02 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - v3.1 to v3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -70963,12 +84022,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rollbar + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snowflake product: '' cves: cve-2021-4104: @@ -70992,13 +84051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rosette.com - product: '' + - vendor: Snyk + product: Cloud Platform cves: cve-2021-4104: investigated: false @@ -71021,13 +84080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager + - vendor: Software AG + product: '' cves: cve-2021-4104: investigated: false @@ -71049,13 +84108,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager Prime + - vendor: SolarWinds + product: Database Performance Analyzer (DPA) cves: cve-2021-4104: investigated: false @@ -71063,8 +84123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2021.1.x + - 2021.3.x + - 2022.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71077,13 +84140,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager WebTier + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Orion Platform cves: cve-2021-4104: investigated: false @@ -71105,13 +84169,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Governance and Lifecycle + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Server & Application Monitor (SAM) cves: cve-2021-4104: investigated: false @@ -71119,8 +84184,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - SAM 2020.2.6 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71133,13 +84199,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article for the latest + details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Governance and Lifecycle Cloud + last_updated: '2021-12-23T00:00:00' + - vendor: SonarSource + product: '' cves: cve-2021-4104: investigated: false @@ -71161,13 +84229,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Identity Router + - vendor: Sonatype + product: All Products cves: cve-2021-4104: investigated: false @@ -71175,10 +84244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Versions cve-2021-45046: investigated: false affected_versions: [] @@ -71189,13 +84259,18 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status + notes: Sonatype uses logback as the default logging solution as opposed to log4j. + This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository + OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the + reported log4j vulnerabilities. We still advise keeping your software upgraded + at the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA Netwitness - product: '' + last_updated: '2021-12-29T00:00:00' + - vendor: SonicWall + product: Access Points cves: cve-2021-4104: investigated: false @@ -71218,13 +84293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Access Points references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rstudioapi - product: Rstudioapi + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analytics cves: cve-2021-4104: investigated: false @@ -71232,11 +84307,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '0.13' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71248,13 +84322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/rstudio/rstudioapi - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Rubrik - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analyzer cves: cve-2021-4104: investigated: false @@ -71277,14 +84351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ruckus - product: Virtual SmartZone (vSZ) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -71292,9 +84365,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.1 to 6.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71308,13 +84380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ruckuswireless.com/security_bulletins/313 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Client. references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: RunDeck by PagerDuty - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Security Appliance cves: cve-2021-4104: investigated: false @@ -71337,13 +84409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.rundeck.com/docs/history/CVEs/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Security appliance. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Runecast - product: Runecast Analyzer + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: CAS cves: cve-2021-4104: investigated: false @@ -71351,10 +84423,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 6.0.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71367,13 +84438,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.runecast.com/release-notes - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAE-IT - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Email Security cves: cve-2021-4104: investigated: false @@ -71396,13 +84467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: ES 10.0.11 and earlier versions are impacted references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAFE FME Server - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: SonicWall + product: Gen5 Firewalls (EOS) cves: cve-2021-4104: investigated: false @@ -71425,13 +84496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAGE - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen6 Firewalls cves: cve-2021-4104: investigated: false @@ -71454,13 +84525,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SailPoint - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen7 Firewalls cves: cve-2021-4104: investigated: false @@ -71483,14 +84554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Salesforce - product: Analytics Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: GMS cves: cve-2021-4104: investigated: false @@ -71498,16 +84568,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71515,15 +84583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: B2C Commerce Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: MSW cves: cve-2021-4104: investigated: false @@ -71531,16 +84597,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71548,15 +84612,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Mysonicwall service doesn't use Log4j references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: ClickSoftware (As-a-Service) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: NSM cves: cve-2021-4104: investigated: false @@ -71564,16 +84626,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71581,15 +84641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: NSM On-Prem and SaaS doesn't use a vulnerable version references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: ClickSoftware (On-Premise) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 100 cves: cve-2021-4104: investigated: false @@ -71597,16 +84655,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71614,16 +84670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional - details are available here. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SMA100 appliance. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Data.com + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 1000 cves: cve-2021-4104: investigated: false @@ -71631,16 +84684,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71648,15 +84699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: DataLoader + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicCore cves: cve-2021-4104: investigated: false @@ -71664,16 +84713,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=53.0.2' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=53.0.2' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71681,15 +84728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 - notes: This version is for use with Salesforce Winter '22 or higher release through - Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for - CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: SonicCore doesn't use a Log4j2 references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Datorama + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicWall Switch cves: cve-2021-4104: investigated: false @@ -71697,16 +84742,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71714,15 +84757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Switch. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Evergage (Interaction Studio) + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WAF cves: cve-2021-4104: investigated: false @@ -71730,16 +84771,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71747,15 +84786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Experience (Community) Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WNM cves: cve-2021-4104: investigated: false @@ -71763,16 +84800,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71780,15 +84815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the WNM. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Force.com + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WXA cves: cve-2021-4104: investigated: false @@ -71796,16 +84829,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71813,18 +84844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been - patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Make sure that you are using Data Loader version 53.0.2 or later. Follow the - steps described here to download the latest version of Data Loader. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: WXA doesn't use a vulnerable version references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Heroku + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Cloud Optix cves: cve-2021-4104: investigated: false @@ -71832,31 +84858,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Heroku is reported to not be affected by the issues currently identified - in CVE-2021-44228 or CVE-2021-45046. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Users may have noticed a brief outage around 12:30 GMT as updates were + deployed. There was no evidence that the vulnerability was exploited and to + our knowledge no customers are impacted. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Marketing Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Reflexion cves: cve-2021-4104: investigated: false @@ -71864,16 +84889,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71881,16 +84904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Salesforce-owned services within Marketing Cloud are not affected by the - issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party - vendors have been patched to address the security issues currently identified - in CVE-2021-44228 or CVE-2021-45046. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Reflexion does not run an exploitable configuration. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: MuleSoft (Cloud) + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM (all versions) cves: cve-2021-4104: investigated: false @@ -71898,16 +84918,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71915,16 +84933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft - services, including dataloader.io, have been updated to mitigate the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional - details here. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos SG UTM does not use Log4j. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: MuleSoft (On-Premise) + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM Manager (SUM) (all versions) cves: cve-2021-4104: investigated: false @@ -71934,14 +84949,13 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71949,17 +84963,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors, including Private Cloud Edition - (PCE) and Anypoint Studio, have a mitigation in place to address the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional - details here. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: SUM does not use Log4j. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Pardot + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Central cves: cve-2021-4104: investigated: false @@ -71967,16 +84977,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71984,15 +84992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Central does not run an exploitable configuration. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Sales Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Firewall (all versions) cves: cve-2021-4104: investigated: false @@ -72000,16 +85006,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72017,15 +85021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Firewall does not use Log4j. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Service Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Home cves: cve-2021-4104: investigated: false @@ -72033,16 +85035,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72050,15 +85050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Home does not use Log4j. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Slack + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile cves: cve-2021-4104: investigated: false @@ -72066,16 +85064,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72083,16 +85079,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are - available here. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable + configuration. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Social Studio + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile EAS Proxy cves: cve-2021-4104: investigated: false @@ -72101,15 +85095,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - < 9.7.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72117,15 +85110,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers + will need to download and install version 9.7.2, available from Monday December + 13, 2021, on the same machine where it is currently running. PowerShell mode + is not affected. Customers can download the Standalone EAS Proxy Installer version + 9.7.2 from the Sophos website. references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Tableau (On-Premise) + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos ZTNA cves: cve-2021-4104: investigated: false @@ -72133,10 +85128,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 2021.4.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -72149,16 +85143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Patches to address the issues currently identified in both CVE-2021-44228 and - CVE-2021-45046 are available for download. Additional details are available - here. + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos ZTNA does not use Log4j. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Salesforce - product: Tableau (Online) + last_updated: '2021-12-12T00:00:00' + - vendor: SOS Berlin + product: '' cves: cve-2021-4104: investigated: false @@ -72166,16 +85157,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72183,15 +85172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services - have been patched to mitigate the issues currently identified in both CVE-2021-44228 - and CVE-2021-45046. + - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Samsung Electronics America - product: Knox Admin Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spacelabs Healthcare + product: ABP cves: cve-2021-4104: investigated: false @@ -72203,26 +85190,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - OnTrak + - 90217A + - and 90207 cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Asset Intelligence + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -72234,26 +85222,27 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - SL6A + - SL12A + - and SL18A cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Configure + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -72261,30 +85250,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox E-FOTA One + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -72292,30 +85279,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Guard + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: EVO cves: cve-2021-4104: investigated: false @@ -72323,30 +85308,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox License Management + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -72354,30 +85337,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Manage + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -72385,16 +85366,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72402,13 +85381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Managed Services Provider (MSP) + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -72416,30 +85395,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -72447,30 +85424,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Reseller Portal + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube cves: cve-2021-4104: investigated: false @@ -72480,14 +85455,13 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72495,13 +85469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Sangoma - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -72509,10 +85483,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -72524,13 +85499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sangoma.com/community/s/article/Log4Shell + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAP - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -72538,9 +85513,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -72553,14 +85529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: Version >4.3.1 - Not Affected references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP Advanced Platform - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Sentinel cves: cve-2021-4104: investigated: false @@ -72583,14 +85558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchpad.support.sap.com/#/notes/3130698 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP BusinessObjects - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -72613,14 +85587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAS - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -72628,10 +85601,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -72643,13 +85620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SASSAFRAS - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -72657,10 +85634,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -72672,13 +85650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Savignano software solutions - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -72686,10 +85664,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -72701,13 +85681,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SBT - product: SBT + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -72716,10 +85696,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.5.6 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -72731,13 +85711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/sbt/sbt/releases/tag/v1.5.7 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ScaleComputing - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -72745,10 +85725,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -72760,13 +85741,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ScaleFusion MobileLock Pro + last_updated: '2022-01-05T00:00:00' + - vendor: Spambrella product: '' cves: cve-2021-4104: @@ -72790,13 +85770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Schneider Electric - product: EASYFIT + - vendor: Spigot + product: '' cves: cve-2021-4104: investigated: false @@ -72804,9 +85784,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72820,13 +85799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Ecoreal XL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Splunk + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -72836,7 +85815,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72850,13 +85831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Expert + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -72865,39 +85846,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Gateway - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -72909,13 +85863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Eurotherm Data Reviewer + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -72925,7 +85879,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - V3.0.2 and prior + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72939,13 +85899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Facility Expert Small Business + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -72954,9 +85914,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - 5.2.0 and older + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -72969,13 +85929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: MSE + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -72985,7 +85945,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72999,13 +85959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NetBotz750/755 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -73015,7 +85975,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Software versions 5.0 through 5.3.0 + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73029,13 +85989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NEW630 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Connect for Kafka cves: cve-2021-4104: investigated: false @@ -73045,7 +86005,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - All versions prior to 2.0.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73059,13 +86019,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK BOM + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise (including instance types like Heavy Forwarders) cves: cve-2021-4104: investigated: false @@ -73075,7 +86035,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. + See Removing Log4j from Splunk Enterprise below for guidance on unsupported + versions. fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73089,13 +86051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-Docgen + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Amazon Machine Image (AMI) cves: cve-2021-4104: investigated: false @@ -73105,7 +86067,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73119,13 +86081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-TNC + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Docker Container cves: cve-2021-4104: investigated: false @@ -73135,7 +86097,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73149,13 +86111,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-UMS + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -73165,7 +86127,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73179,13 +86141,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D2DRenderer + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -73195,7 +86157,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73209,13 +86171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D360Widget + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -73225,7 +86187,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73239,13 +86201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Select and Config DATA + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -73255,7 +86217,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73269,13 +86231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-API + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -73285,7 +86247,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73299,13 +86261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-CMM + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -73315,7 +86277,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73329,13 +86291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNCSEMTECH + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -73345,7 +86307,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73359,13 +86321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SPIMV3 + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -73375,7 +86337,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73389,13 +86351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEditor + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -73405,7 +86367,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73419,13 +86381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEngine + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -73435,7 +86397,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73449,13 +86412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Wiser by SE platform + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -73464,9 +86427,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - 1.1.1 and older + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -73478,12 +86441,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schweitzer Engineering Laboratories + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Sprecher Automation product: '' cves: cve-2021-4104: @@ -73507,13 +86471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://selinc.com/support/security-notifications/ + - https://www.sprecher-automation.com/en/it-security/security-alerts notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SCM Manager - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false @@ -73536,12 +86500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ - notes: '' + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ScreenBeam + - vendor: Spring Boot product: '' cves: cve-2021-4104: @@ -73565,12 +86530,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SDL worldServer + - vendor: StarDog product: '' cves: cve-2021-4104: @@ -73594,13 +86559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 + - https://community.stardog.com/t/stardog-7-8-1-available/3411 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Seagull Scientific - product: '' + - vendor: STERIS + product: Advantage cves: cve-2021-4104: investigated: false @@ -73623,13 +86588,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SecurePoint - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Advantage Plus cves: cve-2021-4104: investigated: false @@ -73652,13 +86617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Security Onion - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -73681,13 +86646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Securonix - product: Extended Detection and Response (XDR) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -73695,41 +86660,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 - references: - - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Next Gen SIEM - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -73741,13 +86675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -73755,9 +86689,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73771,13 +86704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: SNYPR Application + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -73800,13 +86733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -73814,9 +86747,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73830,13 +86762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Seeburger - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -73859,14 +86791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SentinelOne - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -73889,13 +86820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sentry - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -73918,13 +86849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SEP - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -73947,13 +86878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Server Eye - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -73976,13 +86907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ServiceNow - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -74005,13 +86936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Shibboleth - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -74034,13 +86965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://shibboleth.net/pipermail/announce/2021-December/000253.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Shibboleth - product: All Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -74048,12 +86979,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Identity Provider>=3.0 - - All other software versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74065,13 +86994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://shibboleth.net/pipermail/announce/2021-December/000253.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Shopify - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -74094,13 +87023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Siebel - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -74123,43 +87052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products + - vendor: STERIS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -74182,14 +87081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -74212,14 +87110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Connect Software cves: cve-2021-4104: investigated: false @@ -74242,14 +87139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -74272,14 +87168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Siemens Healthineers - product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -74302,15 +87197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your Atellica Data Manager has a “Java communication - engine” service, and you require an immediate mitigation, then please contact - your Siemens Customer Care Center or your local Siemens technical support representative. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: CENTRALINK v16.0.2 / v16.0.3 + - vendor: STERIS + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -74333,15 +87226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your CentraLink has a “Java communication engine” - service, and you require a mitigation, then please contact your Siemens Customer - Care Center or your local Siemens technical support representative. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + - vendor: STERIS + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -74364,13 +87255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + - vendor: STERIS + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -74393,13 +87284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + - vendor: STERIS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -74422,13 +87313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.All, Som10 VA20 / VA30 / VA40 + - vendor: STERIS + product: Endora cves: cve-2021-4104: investigated: false @@ -74451,14 +87342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Fit, Som10 VA30 + - vendor: STERIS + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -74481,14 +87371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 + - vendor: STERIS + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -74511,14 +87400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Open Pro, Som10 VA30 / VA40 + - vendor: STERIS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -74541,14 +87429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Sim, Som10 VA30 / VA40 + - vendor: STERIS + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -74571,14 +87458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 + - vendor: STERIS + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -74601,14 +87487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 + - vendor: STERIS + product: RapidAER cves: cve-2021-4104: investigated: false @@ -74631,15 +87516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA - 3T NUMARIS/X VA30A + - vendor: STERIS + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -74662,15 +87545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Altea NUMARIS/X VA20A + - vendor: STERIS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -74693,16 +87574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X - VA31A + - vendor: STERIS + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -74725,15 +87603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Amira NUMARIS/X VA12M + - vendor: STERIS + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -74756,15 +87632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Free.Max NUMARIS/X VA40 + - vendor: STERIS + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -74787,15 +87661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Lumina NUMARIS/X VA20A + - vendor: STERIS + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -74818,15 +87690,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sempra NUMARIS/X VA12M + - vendor: STERIS + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -74849,15 +87719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola fit NUMARIS/X VA20A + - vendor: STERIS + product: Renatron cves: cve-2021-4104: investigated: false @@ -74880,15 +87748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola NUMARIS/X VA20A + - vendor: STERIS + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -74911,15 +87777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida fit NUMARIS/X VA20A + - vendor: STERIS + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -74942,15 +87806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A + - vendor: STERIS + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -74973,15 +87835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + - vendor: STERIS + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -75004,13 +87864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + - vendor: STERIS + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -75033,13 +87893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + - vendor: STERIS + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -75062,13 +87922,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + - vendor: STERIS + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -75091,13 +87951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + - vendor: STERIS + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -75120,14 +87980,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + - vendor: STERIS + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -75150,14 +88009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + - vendor: STERIS + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -75180,16 +88038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + - vendor: STERIS + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false @@ -75212,13 +88067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via WebViewer VA13B / VA20A / VA20B + - vendor: Sterling Order IBM + product: '' cves: cve-2021-4104: investigated: false @@ -75241,13 +88096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://www.ibm.com/support/pages/node/6525544 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Ceed Somaris 10 VA40* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Storagement + product: '' cves: cve-2021-4104: investigated: false @@ -75270,14 +88125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Cite Somaris 10 VA30*/VA40* + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StormShield + product: '' cves: cve-2021-4104: investigated: false @@ -75300,13 +88154,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Sierra Wireless + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StrangeBee TheHive & Cortex product: '' cves: cve-2021-4104: @@ -75330,13 +88183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + - vendor: Stratodesk + product: '' cves: cve-2021-4104: investigated: false @@ -75359,14 +88212,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sierra Wireless - product: AM/AMM servers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Strimzi + product: '' cves: cve-2021-4104: investigated: false @@ -75389,12 +88241,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Signald + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stripe product: '' cves: cve-2021-4104: @@ -75418,13 +88270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/signald/signald/-/issues/259 + - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Silver Peak - product: Orchestrator, Silver Peak GMS + - vendor: Styra + product: '' cves: cve-2021-4104: investigated: false @@ -75447,15 +88299,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf - notes: Customer managed Orchestrator and legacy GMS products are affected by this - vulnerability. This includes on-premise and customer managed instances running - in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective - Action Required for details about how to mitigate this exploit. + - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: SingleWire + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sumologic product: '' cves: cve-2021-4104: @@ -75479,13 +88328,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SISCO + - vendor: SumoLogic product: '' cves: cve-2021-4104: @@ -75509,12 +88357,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sisconet.com/sisco-news/log4j/ + - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sitecore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Superna EYEGLASS product: '' cves: cve-2021-4104: @@ -75538,12 +88386,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 + - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Skillable + - vendor: Suprema Inc product: '' cves: cve-2021-4104: @@ -75567,12 +88415,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://skillable.com/log4shell/ + - https://www.supremainc.com/en/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SLF4J + - vendor: SUSE product: '' cves: cve-2021-4104: @@ -75596,42 +88444,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://slf4j.org/log4shell.html + - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Slurm - product: Slurm - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 20.11.8 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://slurm.schedmd.com/documentation.html - notes: '' - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SMA Solar Technology AG + - vendor: Sweepwidget product: '' cves: cve-2021-4104: @@ -75655,12 +88473,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 + - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: SmartBear + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Swyx product: '' cves: cve-2021-4104: @@ -75684,12 +88502,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://smartbear.com/security/cve-2021-44228/ + - https://service.swyx.net/hc/de/articles/4412323539474 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SmileCDR + - vendor: Synchro MSP product: '' cves: cve-2021-4104: @@ -75713,12 +88531,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sn0m + - vendor: Syncplify product: '' cves: cve-2021-4104: @@ -75742,13 +88560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snakemake - product: Snakemake + - vendor: Synology + product: '' cves: cve-2021-4104: investigated: false @@ -75756,11 +88574,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75772,13 +88589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Snow Software - product: Snow Commander + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synopsys + product: '' cves: cve-2021-4104: investigated: false @@ -75786,10 +88603,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.1 to 8.10.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75802,13 +88618,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snow Software - product: VM Access Proxy + - vendor: Syntevo + product: '' cves: cve-2021-4104: investigated: false @@ -75816,10 +88632,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v3.1 to v3.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75832,12 +88647,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://www.syntevo.com/blog/?p=5240 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snowflake + - vendor: SysAid product: '' cves: cve-2021-4104: @@ -75861,13 +88676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + - https://www.sysaid.com/lp/important-update-regarding-apache-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snyk - product: Cloud Platform + - vendor: Sysdig + product: '' cves: cve-2021-4104: investigated: false @@ -75890,13 +88705,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Software AG - product: '' + - vendor: Tableau + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -75904,8 +88719,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -75919,13 +88747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SolarWinds - product: Database Performance Analyzer (DPA) + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Desktop cves: cve-2021-4104: investigated: false @@ -75935,9 +88763,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2021.1.x - - 2021.3.x - - 2022.1.x + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -75951,13 +88789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Orion Platform + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Prep Builder cves: cve-2021-4104: investigated: false @@ -75965,8 +88803,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 22021.4.1' + - 2021.3.2 + - 2021.2.2 + - 2021.1.4 + - 2020.4.1 + - 2020.3.3 + - 2020.2.3 + - 2020.1.5 + - 2019.4.2 + - 2019.3.2 + - 2019.2.3 + - 2019.1.4 + - 2018.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -75980,13 +88831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Server & Application Monitor (SAM) + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Public Desktop Client cves: cve-2021-4104: investigated: false @@ -75996,7 +88847,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - SAM 2020.2.6 and later + - 'The following versions and lower: 2021.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76010,14 +88861,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article for the latest - details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SonarSource - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Reader cves: cve-2021-4104: investigated: false @@ -76025,8 +88875,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76040,13 +88891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sonatype - product: All Products + last_updated: '2021-12-22T00:00:00' + - vendor: Tableau + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -76055,10 +88906,22 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] - unaffected_versions: - - All Versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76070,17 +88933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status - notes: Sonatype uses logback as the default logging solution as opposed to log4j. - This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository - OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the - reported log4j vulnerabilities. We still advise keeping your software upgraded - at the latest version. + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: '' references: - '' - last_updated: '2021-12-29T00:00:00' - - vendor: SonicWall - product: Access Points + last_updated: '2021-12-22T00:00:00' + - vendor: Talend + product: '' cves: cve-2021-4104: investigated: false @@ -76103,13 +88962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + - https://jira.talendforge.org/browse/TCOMP-2054 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tanium + product: All cves: cve-2021-4104: investigated: false @@ -76117,10 +88976,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -76132,13 +88992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c + notes: Tanium does not use Log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: TealiumIQ + product: '' cves: cve-2021-4104: investigated: false @@ -76161,13 +89021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Client & Capture Client Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TeamPasswordManager + product: '' cves: cve-2021-4104: investigated: false @@ -76190,13 +89050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + - https://teampasswordmanager.com/blog/log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Security Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Teamviewer + product: '' cves: cve-2021-4104: investigated: false @@ -76219,13 +89079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Security appliance. + - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tech Software + product: OneAegis (f/k/a IRBManager) cves: cve-2021-4104: investigated: false @@ -76233,10 +89093,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -76248,13 +89109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: OneAegis does not use Log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Email Security + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: SMART cves: cve-2021-4104: investigated: false @@ -76262,10 +89123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -76277,13 +89139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: ES 10.0.11 and earlier versions are impacted + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: SMART does not use Log4j. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SonicWall - product: Gen5 Firewalls (EOS) + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: Study Binders cves: cve-2021-4104: investigated: false @@ -76291,10 +89153,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -76306,13 +89169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: Study Binders does not use Log4j. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen6 Firewalls + last_updated: '2021-12-15T00:00:00' + - vendor: TechSmith + product: '' cves: cve-2021-4104: investigated: false @@ -76335,13 +89198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen7 Firewalls + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Telestream + product: '' cves: cve-2021-4104: investigated: false @@ -76364,13 +89227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: GMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tenable + product: Tenable.io / Nessus cves: cve-2021-4104: investigated: false @@ -76393,13 +89256,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.tenable.com/log4j + notes: None of Tenable’s products are running the version of Log4j vulnerable + to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: MSW + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Thales + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -76422,13 +89286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Mysonicwall service doesn't use Log4j + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: NSM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -76451,13 +89315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: NSM On-Prem and SaaS doesn't use a vulnerable version + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 100 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -76480,13 +89344,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SMA100 appliance. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 1000 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -76509,13 +89373,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicCore + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -76538,13 +89402,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: SonicCore doesn't use a Log4j2 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicWall Switch + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -76567,13 +89431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Switch. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WAF + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -76596,13 +89460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WNM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -76625,13 +89489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the WNM. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WXA + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -76654,13 +89518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: WXA doesn't use a vulnerable version + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Cloud Optix + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -76683,15 +89547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Users may have noticed a brief outage around 12:30 GMT as updates were - deployed. There was no evidence that the vulnerability was exploited and to - our knowledge no customers are impacted. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Reflexion + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -76714,13 +89576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Reflexion does not run an exploitable configuration. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM (all versions) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -76743,43 +89605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos SG UTM does not use Log4j. - references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM Manager (SUM) (all versions) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All versions - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: SUM does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Central + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -76802,13 +89634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Central does not run an exploitable configuration. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Firewall (all versions) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -76831,13 +89663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Firewall does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Home + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: KeySecure cves: cve-2021-4104: investigated: false @@ -76860,13 +89692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Home does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -76889,48 +89721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable - configuration. - references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile EAS Proxy - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - < 9.7.2 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers - will need to download and install version 9.7.2, available from Monday December - 13, 2021, on the same machine where it is currently running. PowerShell mode - is not affected. Customers can download the Standalone EAS Proxy Installer version - 9.7.2 from the Sophos website. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos ZTNA + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -76953,13 +89750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos ZTNA does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SOS Berlin - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna SP cves: cve-2021-4104: investigated: false @@ -76982,13 +89779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spacelabs Healthcare - product: ABP + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -76996,45 +89793,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - OnTrak - - 90217A - - and 90207 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' - references: - - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: CardioExpress - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - SL6A - - SL12A - - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -77046,13 +89808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -77075,13 +89837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Eclipse Pro + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -77104,13 +89866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: EVO + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -77133,13 +89895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -77162,13 +89924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -77191,13 +89953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Lifescreen Pro + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -77220,13 +89982,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Pathfinder SL + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -77249,13 +90011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -77263,41 +90025,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '91390' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' - references: - - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube Mini - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -77309,13 +90040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: SafeNSound + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -77323,10 +90054,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 4.3.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -77339,13 +90069,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Sentinel + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -77368,13 +90098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -77397,13 +90127,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Ultraview SL + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -77411,14 +90141,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77430,13 +90156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -77444,11 +90170,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77460,13 +90185,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -77474,12 +90199,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77491,13 +90214,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: XprezzNet + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -77505,11 +90228,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96190' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77521,13 +90243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xprezzon + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -77535,11 +90257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77551,13 +90272,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spambrella - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -77580,13 +90301,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spigot - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -77609,13 +90330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Splunk - product: Data Stream Processor + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -77623,11 +90344,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77641,13 +90359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -77655,11 +90373,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77673,13 +90388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -77687,15 +90402,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77709,13 +90417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -77723,9 +90431,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.2.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77739,13 +90446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -77753,9 +90460,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77769,13 +90475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Application Performance Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -77783,9 +90489,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77799,13 +90504,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Connect for Kafka + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -77813,9 +90519,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions prior to 2.0.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77829,13 +90534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise (including instance types like Heavy Forwarders) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -77843,11 +90548,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. - See Removing Log4j from Splunk Enterprise below for guidance on unsupported - versions. + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77861,13 +90563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Amazon Machine Image (AMI) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -77875,9 +90577,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77891,13 +90592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Docker Container + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -77905,9 +90606,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77921,13 +90621,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Infrastructure Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -77935,9 +90635,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77951,13 +90650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Log Observer + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -77965,9 +90664,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77981,13 +90679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Logging Library for Java + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -77995,9 +90693,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.11.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78011,13 +90708,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk On-call / VictorOps + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -78025,9 +90722,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78041,13 +90737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -78055,9 +90751,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.0.3 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78071,13 +90766,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -78085,9 +90780,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.2.1 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78101,13 +90795,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Real User Monitoring + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -78115,9 +90809,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78131,13 +90824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -78145,9 +90838,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78161,13 +90853,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Synthetics + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -78175,9 +90867,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78191,13 +90882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk UBA OVA Software + last_updated: '2021-12-17T00:00:00' + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -78205,10 +90896,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.0.3a - - 5.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78222,13 +90911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -78237,10 +90926,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.1.1 and older + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -78252,13 +90941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, Install the 2022a patch when available references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Sprecher Automation - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -78266,10 +90955,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -78281,13 +90971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sprecher-automation.com/en/it-security/security-alerts - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spring - product: Spring Boot + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -78295,10 +90985,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -78310,14 +91001,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spring Boot - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -78325,10 +91016,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -78340,13 +91032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StarDog - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Thomson Reuters + product: HighQ Appliance cves: cve-2021-4104: investigated: false @@ -78354,8 +91046,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78369,13 +91062,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.stardog.com/t/stardog-7-8-1-available/3411 - notes: '' + - https://highqsolutions.zendesk.com + notes: Reported by vendor - Documentation is in vendor's client portal (login + required). This advisory is available to customer only and has not been reviewed + by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: STERIS - product: Advantage + last_updated: '2021-12-20T00:00:00' + - vendor: ThreatLocker + product: '' cves: cve-2021-4104: investigated: false @@ -78398,13 +91093,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://threatlocker.kb.help/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Advantage Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ThycoticCentrify + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -78412,10 +91107,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78427,13 +91123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -78441,10 +91137,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78456,13 +91153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -78470,10 +91167,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78485,13 +91183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -78499,10 +91197,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78514,13 +91213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -78528,10 +91227,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78543,13 +91243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -78557,10 +91257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78572,13 +91273,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -78586,10 +91287,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78601,13 +91303,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Secret Server cves: cve-2021-4104: investigated: false @@ -78615,10 +91317,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78630,13 +91333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Server Suite cves: cve-2021-4104: investigated: false @@ -78644,10 +91347,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -78659,13 +91363,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + last_updated: '2021-12-10T00:00:00' + - vendor: Tibco + product: '' cves: cve-2021-4104: investigated: false @@ -78688,13 +91392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Top Gun Technology (TGT) + product: '' cves: cve-2021-4104: investigated: false @@ -78717,13 +91421,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TopDesk + product: '' cves: cve-2021-4104: investigated: false @@ -78746,13 +91450,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Topicus Security + product: Topicus KeyHub cves: cve-2021-4104: investigated: false @@ -78760,10 +91464,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -78775,13 +91480,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Canexis 1.0 + last_updated: '2021-12-20T00:00:00' + - vendor: Topix + product: '' cves: cve-2021-4104: investigated: false @@ -78804,13 +91509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.topix.de/de/technik/systemfreigaben.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY HP INCUBATOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tosibox + product: '' cves: cve-2021-4104: investigated: false @@ -78833,13 +91538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY STEAM INCUBATOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TPLink + product: Omega Controller cves: cve-2021-4104: investigated: false @@ -78847,8 +91552,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux/Windows(all) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78862,13 +91568,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://www.tp-link.com/us/support/faq/3255 + notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as + potential workaround. Though that should now be done with 2.16' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CER Optima + - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit + Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' + last_updated: '2021-12-15T00:00:00' + - vendor: TrendMicro + product: All cves: cve-2021-4104: investigated: false @@ -78891,13 +91599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://success.trendmicro.com/solution/000289940 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Clarity Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tricentis Tosca + product: '' cves: cve-2021-4104: investigated: false @@ -78920,42 +91628,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://support-hub.tricentis.com/open?number=NEW0001148&id=post notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Connect Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tridium + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectAssure Technology + last_updated: '2022-01-19T00:00:00' + - vendor: Trimble + product: eCognition cves: cve-2021-4104: investigated: false @@ -78963,8 +91672,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.2.0 Build 4618 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78977,14 +91687,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectoHIS + last_updated: '2021-12-23T00:00:00' + - vendor: Tripp Lite + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -79007,13 +91717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Local (PAL) cves: cve-2021-4104: investigated: false @@ -79036,13 +91746,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD Edge + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -79065,13 +91776,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD-201, + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -79094,13 +91806,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: EndoDry + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -79108,8 +91821,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79123,13 +91837,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Endora + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -79152,13 +91868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Integration Systems + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -79181,13 +91897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -79210,71 +91926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue Integration System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.tripwire.com/log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: IDSS Integration System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TrueNAS + product: '' cves: cve-2021-4104: investigated: false @@ -79297,13 +91955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RapidAER + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tufin + product: '' cves: cve-2021-4104: investigated: false @@ -79326,13 +91984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ReadyTracker + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TYPO3 + product: '' cves: cve-2021-4104: investigated: false @@ -79355,13 +92013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://typo3.org/article/typo3-psa-2021-004 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RealView Visual Workflow Management System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Application cves: cve-2021-4104: investigated: false @@ -79369,8 +92027,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.5.53 & lower versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79384,13 +92043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Controller cves: cve-2021-4104: investigated: false @@ -79398,8 +92057,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.5.54 & lower versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79413,13 +92073,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation + for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 + last_updated: '2021-12-15T00:00:00' + - vendor: Ubuntu + product: '' cves: cve-2021-4104: investigated: false @@ -79442,13 +92103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://ubuntu.com/security/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -79456,8 +92117,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79471,13 +92133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco + product: '' cves: cve-2021-4104: investigated: false @@ -79500,13 +92162,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UniFlow + product: '' cves: cve-2021-4104: investigated: false @@ -79529,13 +92191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Renatron + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unify ATOS + product: '' cves: cve-2021-4104: investigated: false @@ -79558,13 +92220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ScopeBuddy+ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false @@ -79587,13 +92249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: USSIGNAL MSP + product: '' cves: cve-2021-4104: investigated: false @@ -79616,13 +92278,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://ussignal.com/blog/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varian + product: Acuity cves: cve-2021-4104: investigated: false @@ -79631,7 +92293,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79645,13 +92308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SPM Surgical Asset Tracking Software + - vendor: Varian + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -79659,10 +92322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79674,13 +92338,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + - vendor: Varian + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -79688,10 +92352,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79703,13 +92368,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -79717,10 +92382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79732,13 +92398,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -79746,10 +92412,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79761,13 +92428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -79775,10 +92442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79790,13 +92458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -79804,10 +92472,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79819,13 +92488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + - vendor: Varian + product: Clinac cves: cve-2021-4104: investigated: false @@ -79834,7 +92503,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79848,13 +92518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + - vendor: Varian + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -79862,10 +92532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79877,13 +92548,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Sterling Order IBM - product: '' + - vendor: Varian + product: DITC cves: cve-2021-4104: investigated: false @@ -79892,7 +92563,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79906,13 +92578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525544 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Storagement - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: DoseLab cves: cve-2021-4104: investigated: false @@ -79920,10 +92592,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79935,13 +92608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StormShield - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -79949,10 +92622,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -79964,13 +92638,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StrangeBee TheHive & Cortex - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -79979,7 +92653,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79993,13 +92668,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Stratodesk - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Ethos cves: cve-2021-4104: investigated: false @@ -80007,10 +92682,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80022,13 +92698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Strimzi - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -80037,7 +92713,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80051,13 +92728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Stripe - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -80066,7 +92743,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80080,13 +92758,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Styra - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ICAP cves: cve-2021-4104: investigated: false @@ -80094,10 +92772,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80109,13 +92788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sumologic - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Identify cves: cve-2021-4104: investigated: false @@ -80123,10 +92802,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80138,13 +92818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SumoLogic - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Information Exchange Manager (IEM) cves: cve-2021-4104: investigated: false @@ -80152,10 +92832,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80167,13 +92848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Superna EYEGLASS - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: InSightive Analytics cves: cve-2021-4104: investigated: false @@ -80182,7 +92863,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80196,13 +92878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Suprema Inc - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Large Integrated Oncology Network (LION) cves: cve-2021-4104: investigated: false @@ -80210,10 +92892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80225,13 +92908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.supremainc.com/en/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SUSE - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -80239,10 +92922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80254,13 +92938,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sweepwidget - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: PaaS cves: cve-2021-4104: investigated: false @@ -80268,10 +92952,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80283,13 +92968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Swyx - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ProBeam cves: cve-2021-4104: investigated: false @@ -80297,10 +92982,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80312,13 +92998,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://service.swyx.net/hc/de/articles/4412323539474 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synchro MSP - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Qumulate cves: cve-2021-4104: investigated: false @@ -80326,10 +93012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80341,13 +93028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Syncplify - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Real-time Position Management (RPM) cves: cve-2021-4104: investigated: false @@ -80355,10 +93042,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80370,13 +93058,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synology - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Respiratory Gating for Scanners (RGSC) cves: cve-2021-4104: investigated: false @@ -80384,10 +93072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80399,13 +93088,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synopsys - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution cves: cve-2021-4104: investigated: false @@ -80413,8 +93102,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80428,13 +93118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 - notes: '' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Article: 000038850 on MyVarian' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Syntevo - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution Policy Server cves: cve-2021-4104: investigated: false @@ -80442,8 +93132,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80457,13 +93148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.syntevo.com/blog/?p=5240 - notes: '' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SysAid - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -80471,10 +93162,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80486,13 +93178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sysaid.com/lp/important-update-regarding-apache-log4j + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sysdig - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: UNIQUE system cves: cve-2021-4104: investigated: false @@ -80501,7 +93193,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80515,13 +93208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tableau - product: Tableau Bridge + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -80530,22 +93223,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80557,13 +93238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Desktop + - vendor: Varian + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -80571,21 +93252,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80599,13 +93268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Prep Builder + - vendor: Varian + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -80614,22 +93283,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'The following versions and lower: 22021.4.1' - - 2021.3.2 - - 2021.2.2 - - 2021.1.4 - - 2020.4.1 - - 2020.3.3 - - 2020.2.3 - - 2020.1.5 - - 2019.4.2 - - 2019.3.2 - - 2019.2.3 - - 2019.1.4 - - 2018.3.3 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -80641,13 +93299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Public Desktop Client + - vendor: Varian + product: VariSeed cves: cve-2021-4104: investigated: false @@ -80656,10 +93314,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80671,13 +93329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Reader + - vendor: Varian + product: Velocity cves: cve-2021-4104: investigated: false @@ -80686,10 +93344,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80701,13 +93359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Server + - vendor: Varian + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -80716,22 +93374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80743,13 +93389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Talend - product: '' + - vendor: Varian + product: Vitesse cves: cve-2021-4104: investigated: false @@ -80757,10 +93403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -80772,13 +93419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jira.talendforge.org/browse/TCOMP-2054 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tanium - product: All + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -80786,11 +93433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80802,13 +93449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c - notes: Tanium does not use Log4j. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: TealiumIQ - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -80817,7 +93464,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80831,12 +93479,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TeamPasswordManager + last_updated: '2021-12-22T00:00:00' + - vendor: VArmour product: '' cves: cve-2021-4104: @@ -80860,12 +93508,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://teampasswordmanager.com/blog/log4j-vulnerability/ + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Teamviewer + - vendor: Varnish Software product: '' cves: cve-2021-4104: @@ -80889,13 +93537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ + - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tech Software - product: OneAegis (f/k/a IRBManager) + - vendor: Varonis + product: '' cves: cve-2021-4104: investigated: false @@ -80903,11 +93551,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80919,13 +93566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: OneAegis does not use Log4j. + - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: SMART + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Veeam + product: '' cves: cve-2021-4104: investigated: false @@ -80933,11 +93580,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80949,13 +93595,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: SMART does not use Log4j. + - https://www.veeam.com/kb4254 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: Study Binders + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Venafi + product: '' cves: cve-2021-4104: investigated: false @@ -80963,11 +93609,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80979,12 +93624,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: Study Binders does not use Log4j. + - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: TechSmith + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Veritas NetBackup product: '' cves: cve-2021-4104: @@ -81008,12 +93653,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j + - https://www.veritas.com/content/support/en_US/article.100052070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Telestream + - vendor: Vertica product: '' cves: cve-2021-4104: @@ -81037,43 +93682,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm + - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tenable - product: Tenable.io / Nessus + last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tenable.com/log4j - notes: None of Tenable’s products are running the version of Log4j vulnerable - to CVE-2021-44228 or CVE-2021-45046 at this time + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + last_updated: '2022-01-19T00:00:00' + - vendor: Viso Trust + product: '' cves: cve-2021-4104: investigated: false @@ -81096,13 +93741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: VMware + product: API Portal for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -81110,8 +93755,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81125,13 +93771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: App Metrics cves: cve-2021-4104: investigated: false @@ -81139,8 +93785,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81154,13 +93801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Healthwatch for Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -81168,8 +93815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81183,13 +93832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Single Sign-On for VMware Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -81197,8 +93846,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81212,13 +93862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Database Protection + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for Kubernetes cves: cve-2021-4104: investigated: false @@ -81226,8 +93876,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81241,13 +93892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -81255,8 +93906,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81270,13 +93922,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Services for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -81284,8 +93936,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81299,13 +93952,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA cves: cve-2021-4104: investigated: false @@ -81313,8 +93966,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x + - 6.7.x + - 6.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81328,13 +93984,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + - vendor: VMware + product: vCenter Server - Windows cves: cve-2021-4104: investigated: false @@ -81342,8 +93999,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.7.x + - 6.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81357,13 +94016,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + - vendor: VMware + product: VMware Carbon Black Cloud Workload Appliance cves: cve-2021-4104: investigated: false @@ -81371,8 +94031,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81386,13 +94047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Crypto Command Center (CCC) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Carbon Black EDR Server cves: cve-2021-4104: investigated: false @@ -81400,8 +94061,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81415,13 +94078,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Protection on Demand + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Cloud Foundation cves: cve-2021-4104: investigated: false @@ -81429,8 +94092,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81444,13 +94109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Security Manager (DSM) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware HCX cves: cve-2021-4104: investigated: false @@ -81458,8 +94123,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81473,13 +94140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: KeySecure + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon cves: cve-2021-4104: investigated: false @@ -81487,8 +94154,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81502,13 +94171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - - '' + - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna EFT + - vendor: VMware + product: VMware Horizon Cloud Connector cves: cve-2021-4104: investigated: false @@ -81516,8 +94185,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81531,13 +94202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon DaaS cves: cve-2021-4104: investigated: false @@ -81545,8 +94216,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.1.x + - 9.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81560,13 +94233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna SP + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Identity Manager cves: cve-2021-4104: investigated: false @@ -81574,8 +94247,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81589,13 +94263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: payShield Monitor + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware NSX-T Data Centern cves: cve-2021-4104: investigated: false @@ -81603,8 +94277,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81618,13 +94294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: ProtectServer HSMs + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Site Recovery Manager cves: cve-2021-4104: investigated: false @@ -81632,8 +94308,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81647,13 +94324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Authentication Client + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Application Service for VMs cves: cve-2021-4104: investigated: false @@ -81661,8 +94338,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81676,13 +94354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet eToken (all products) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu GemFire cves: cve-2021-4104: investigated: false @@ -81690,8 +94368,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 9.x + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81705,13 +94385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime Virtual + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Greenplum cves: cve-2021-4104: investigated: false @@ -81719,8 +94399,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81734,13 +94415,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime(all products) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Kubernetes Grid Integrated Edition cves: cve-2021-4104: investigated: false @@ -81748,8 +94429,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81763,13 +94445,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet LUKS + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Observability by Wavefront Nozzle cves: cve-2021-4104: investigated: false @@ -81777,8 +94459,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.x + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81792,13 +94476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet PKCS#11 and TDE + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Operations Manager cves: cve-2021-4104: investigated: false @@ -81806,8 +94490,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81821,13 +94506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu SQL with MySQL for VMs cves: cve-2021-4104: investigated: false @@ -81835,8 +94520,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81850,13 +94537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectDB (PDB) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Telco Cloud Automation cves: cve-2021-4104: investigated: false @@ -81864,8 +94551,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81879,13 +94568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Unified Access Gateway cves: cve-2021-4104: investigated: false @@ -81893,8 +94582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81908,13 +94600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectV + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vCenter Cloud Gateway cves: cve-2021-4104: investigated: false @@ -81922,8 +94614,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81937,13 +94630,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet SQL EKM + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Automation cves: cve-2021-4104: investigated: false @@ -81951,8 +94644,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81966,13 +94661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Transform Utility (TU) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -81980,8 +94675,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81995,13 +94691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Trusted Access (STA) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Log Insight cves: cve-2021-4104: investigated: false @@ -82009,8 +94705,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82024,13 +94721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Vaultless Tokenization + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations cves: cve-2021-4104: investigated: false @@ -82038,8 +94735,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82053,13 +94751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SAS on Prem (SPE/PCE) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations Cloud Proxy cves: cve-2021-4104: investigated: false @@ -82067,8 +94765,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Any fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82082,13 +94781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Connect + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Orchestrator cves: cve-2021-4104: investigated: false @@ -82096,8 +94795,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82111,13 +94812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise aaS + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access cves: cve-2021-4104: investigated: false @@ -82125,8 +94826,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.10.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82140,13 +94843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) cves: cve-2021-4104: investigated: false @@ -82154,8 +94857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.x + - 20.10.x + - 19.03.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82169,42 +94875,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Envelope + last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel ESDaaS + last_updated: '2022-01-17T00:00:00' + - vendor: Vyaire + product: '' cves: cve-2021-4104: investigated: false @@ -82227,13 +94934,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + last_updated: '2021-12-22T00:00:00' + - vendor: WAGO + product: WAGO Smart Script cves: cve-2021-4104: investigated: false @@ -82241,9 +94948,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x < 4.8.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -82256,13 +94964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.wago.com/de/automatisierungstechnik/psirt#log4j notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + - vendor: Wallarm + product: All cves: cve-2021-4104: investigated: false @@ -82285,13 +94993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager cves: cve-2021-4104: investigated: false @@ -82299,9 +95007,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -82314,14 +95023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + - vendor: Wasp Barcode technologies + product: All cves: cve-2021-4104: investigated: false @@ -82344,13 +95052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel RMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All cves: cve-2021-4104: investigated: false @@ -82358,10 +95066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -82373,13 +95082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://twitter.com/felix_hrn/status/1470387338001977344 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel SCL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint cves: cve-2021-4104: investigated: false @@ -82387,9 +95096,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -82402,13 +95112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension cves: cve-2021-4104: investigated: false @@ -82416,10 +95126,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -82431,13 +95142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Up + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 cves: cve-2021-4104: investigated: false @@ -82445,10 +95156,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -82460,13 +95172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox cves: cve-2021-4104: investigated: false @@ -82474,10 +95186,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -82489,13 +95202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 10k + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -82503,10 +95216,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -82518,13 +95232,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -82532,9 +95246,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -82547,13 +95262,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud cves: cve-2021-4104: investigated: false @@ -82561,9 +95276,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -82576,13 +95292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetirc Key Manager (VKM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Western Digital + product: '' cves: cve-2021-4104: investigated: false @@ -82605,13 +95321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Application Encryption (VAE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WIBU Systems + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -82619,9 +95335,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -82634,13 +95351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + last_updated: '2021-12-22T00:00:00' + - vendor: WIBU Systems + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -82648,9 +95365,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.30 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -82663,283 +95381,322 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + notes: Only the Password Manager is affected references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Tokenization Server (VTS) + last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 2022a + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 2021b + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018b to 2021a + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018a and earlier + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thomson Reuters - product: HighQ Appliance + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://highqsolutions.zendesk.com - notes: Reported by vendor - Documentation is in vendor's client portal (login - required). This advisory is available to customer only and has not been reviewed - by CISA. + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: ThreatLocker - product: '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://threatlocker.kb.help/log4j-vulnerability/ - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ThycoticCentrify - product: Account Lifecycle Manager + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Cloud Suite + last_updated: '2022-01-21T00:00:00' + - vendor: WireShark + product: All cves: cve-2021-4104: investigated: false @@ -82951,7 +95708,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -82963,13 +95720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Connection Manager + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Wistia + product: All cves: cve-2021-4104: investigated: false @@ -82977,11 +95734,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -82993,13 +95749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://status.wistia.com/incidents/jtg0dfl5l224 notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: DevOps Secrets Vault + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WitFoo + product: Precinct cves: cve-2021-4104: investigated: false @@ -83007,11 +95763,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 6.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83023,13 +95779,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Password Reset Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WordPress + product: All cves: cve-2021-4104: investigated: false @@ -83041,7 +95798,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83053,13 +95810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privilege Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Worksphere + product: All cves: cve-2021-4104: investigated: false @@ -83067,11 +95824,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83083,13 +95839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wowza + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -83099,9 +95855,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 4.7.8 + - 4.8.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83113,13 +95870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Secret Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WSO2 + product: API Manager cves: cve-2021-4104: investigated: false @@ -83129,9 +95886,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83143,13 +95900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Server Suite + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics cves: cve-2021-4104: investigated: false @@ -83159,9 +95916,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83173,13 +95930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Tibco - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator cves: cve-2021-4104: investigated: false @@ -83187,9 +95944,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 6.1.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83202,13 +95960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Top Gun Technology (TGT) - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics cves: cve-2021-4104: investigated: false @@ -83216,9 +95974,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 6.6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83231,13 +95990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TopDesk - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server cves: cve-2021-4104: investigated: false @@ -83245,9 +96004,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 5.9.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83260,13 +96020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Topicus Security - product: Topicus KeyHub + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics cves: cve-2021-4104: investigated: false @@ -83276,9 +96036,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83290,13 +96050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Topix - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager cves: cve-2021-4104: investigated: false @@ -83304,9 +96064,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 5.9.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83319,13 +96080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topix.de/de/technik/systemfreigaben.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tosibox - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway cves: cve-2021-4104: investigated: false @@ -83333,9 +96094,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 3.2.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83348,13 +96110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TPLink - product: Omega Controller + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator cves: cve-2021-4104: investigated: false @@ -83363,9 +96125,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Linux/Windows(all) - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 1.1.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83378,15 +96140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tp-link.com/us/support/faq/3255 - notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as - potential workaround. Though that should now be done with 2.16' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit - Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' - last_updated: '2021-12-15T00:00:00' - - vendor: TrendMicro - product: All + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard cves: cve-2021-4104: investigated: false @@ -83394,9 +96154,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83409,13 +96170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.trendmicro.com/solution/000289940 - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tricentis Tosca - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard cves: cve-2021-4104: investigated: false @@ -83423,9 +96184,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83438,43 +96200,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support-hub.tricentis.com/open?number=NEW0001148&id=post - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tridium - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: '' + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 2.0.0' unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf - notes: Document access requires authentication. CISA is not able to validate vulnerability - status. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI cves: cve-2021-4104: investigated: false @@ -83483,9 +96245,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.2.0 Build 4618 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 1.3.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83497,14 +96259,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM cves: cve-2021-4104: investigated: false @@ -83512,9 +96274,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 2.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83527,13 +96290,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Local (PAL) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator cves: cve-2021-4104: investigated: false @@ -83541,9 +96304,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83556,14 +96320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling cves: cve-2021-4104: investigated: false @@ -83571,9 +96334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83586,14 +96350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor cves: cve-2021-4104: investigated: false @@ -83601,9 +96364,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -83616,14 +96380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: XCP-ng + product: All cves: cve-2021-4104: investigated: false @@ -83632,10 +96395,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.0.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83647,15 +96410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XenForo + product: '' cves: cve-2021-4104: investigated: false @@ -83678,13 +96439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: TLNETCARD and associated software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: AltaLink Products cves: cve-2021-4104: investigated: false @@ -83692,10 +96453,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83707,13 +96469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR cves: cve-2021-4104: investigated: false @@ -83721,10 +96483,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83736,13 +96499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TrueNAS - product: '' + - vendor: Xerox + product: ColorQube 8700 cves: cve-2021-4104: investigated: false @@ -83750,10 +96513,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83765,13 +96529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tufin - product: '' + - vendor: Xerox + product: ColorQube 8870 cves: cve-2021-4104: investigated: false @@ -83779,10 +96543,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83794,13 +96559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TYPO3 - product: '' + - vendor: Xerox + product: ColorQube 8880 cves: cve-2021-4104: investigated: false @@ -83808,10 +96573,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83823,13 +96589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://typo3.org/article/typo3-psa-2021-004 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ubiquiti - product: UniFi Network Application + - vendor: Xerox + product: ColorQube 9201 cves: cve-2021-4104: investigated: false @@ -83838,10 +96604,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.5.53 & lower versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83853,13 +96619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ubiquiti - product: UniFi Network Controller + - vendor: Xerox + product: ColorQube 9301 cves: cve-2021-4104: investigated: false @@ -83868,10 +96634,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.5.54 & lower versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83883,14 +96649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation - for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 - last_updated: '2021-12-15T00:00:00' - - vendor: Ubuntu - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 cves: cve-2021-4104: investigated: false @@ -83898,10 +96663,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83913,13 +96679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ubuntu.com/security/CVE-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: UiPath - product: InSights + - vendor: Xerox + product: ElemX cves: cve-2021-4104: investigated: false @@ -83928,10 +96694,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '20.10' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83943,13 +96709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Umbraco - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core cves: cve-2021-4104: investigated: false @@ -83957,10 +96723,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -83972,13 +96739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: UniFlow - product: '' + - vendor: Xerox + product: FreeFlow Express to Print cves: cve-2021-4104: investigated: false @@ -83986,10 +96753,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84001,13 +96769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Unify ATOS - product: '' + - vendor: Xerox + product: FreeFlow Makeready cves: cve-2021-4104: investigated: false @@ -84015,10 +96783,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84030,13 +96799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Unimus - product: '' + - vendor: Xerox + product: FreeFlow Output Manager cves: cve-2021-4104: investigated: false @@ -84044,10 +96813,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84059,13 +96829,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: USSIGNAL MSP - product: '' + - vendor: Xerox + product: FreeFlow Print Manager - APP cves: cve-2021-4104: investigated: false @@ -84073,10 +96843,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84088,13 +96859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ussignal.com/blog/apache-log4j-vulnerability + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varian - product: Acuity + - vendor: Xerox + product: FreeFlow Variable Information Suite cves: cve-2021-4104: investigated: false @@ -84102,11 +96873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84118,13 +96889,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Connect (Cloverleaf) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems cves: cve-2021-4104: investigated: false @@ -84136,7 +96907,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84148,13 +96919,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA eDOC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems cves: cve-2021-4104: investigated: false @@ -84166,7 +96937,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84178,13 +96949,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Medical Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 cves: cve-2021-4104: investigated: false @@ -84196,7 +96967,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84208,13 +96979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 cves: cve-2021-4104: investigated: false @@ -84226,7 +96997,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84238,13 +97009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 cves: cve-2021-4104: investigated: false @@ -84256,7 +97027,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84268,13 +97039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 cves: cve-2021-4104: investigated: false @@ -84286,7 +97057,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84298,13 +97069,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Clinac + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 cves: cve-2021-4104: investigated: false @@ -84312,11 +97083,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84328,13 +97099,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Cloud Planner + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 cves: cve-2021-4104: investigated: false @@ -84346,7 +97117,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84358,13 +97129,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DITC + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 cves: cve-2021-4104: investigated: false @@ -84372,11 +97143,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84388,13 +97159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DoseLab + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 cves: cve-2021-4104: investigated: false @@ -84406,7 +97177,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84418,13 +97189,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Eclipse treatment planning software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 cves: cve-2021-4104: investigated: false @@ -84436,7 +97207,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84448,13 +97219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ePeerReview + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 cves: cve-2021-4104: investigated: false @@ -84462,11 +97233,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84478,13 +97249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Ethos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 cves: cve-2021-4104: investigated: false @@ -84496,7 +97267,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84508,13 +97279,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: FullScale oncology IT solutions + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 cves: cve-2021-4104: investigated: false @@ -84522,11 +97293,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84538,13 +97309,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Halcyon system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 cves: cve-2021-4104: investigated: false @@ -84552,11 +97323,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84568,13 +97339,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ICAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 cves: cve-2021-4104: investigated: false @@ -84586,7 +97357,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84598,13 +97369,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Identify + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 cves: cve-2021-4104: investigated: false @@ -84616,7 +97387,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84628,13 +97399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Information Exchange Manager (IEM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 cves: cve-2021-4104: investigated: false @@ -84646,7 +97417,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84658,13 +97429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: InSightive Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 cves: cve-2021-4104: investigated: false @@ -84672,11 +97443,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84688,13 +97459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Large Integrated Oncology Network (LION) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 cves: cve-2021-4104: investigated: false @@ -84706,7 +97477,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84718,13 +97489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Mobius3D platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products cves: cve-2021-4104: investigated: false @@ -84736,7 +97507,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84748,13 +97519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: PaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products cves: cve-2021-4104: investigated: false @@ -84766,7 +97537,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84778,13 +97549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ProBeam + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx cves: cve-2021-4104: investigated: false @@ -84796,7 +97567,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84808,13 +97579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Qumulate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 cves: cve-2021-4104: investigated: false @@ -84826,7 +97597,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84838,13 +97609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Real-time Position Management (RPM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 cves: cve-2021-4104: investigated: false @@ -84856,7 +97627,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84868,13 +97639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Respiratory Gating for Scanners (RGSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 cves: cve-2021-4104: investigated: false @@ -84886,7 +97657,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84898,13 +97669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 cves: cve-2021-4104: investigated: false @@ -84913,10 +97684,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84928,13 +97699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Article: 000038850 on MyVarian' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution Policy Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 cves: cve-2021-4104: investigated: false @@ -84943,10 +97714,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84958,13 +97729,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: TrueBeam radiotherapy system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 cves: cve-2021-4104: investigated: false @@ -84976,7 +97747,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -84988,13 +97759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: UNIQUE system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 cves: cve-2021-4104: investigated: false @@ -85002,11 +97773,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85018,13 +97789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX cves: cve-2021-4104: investigated: false @@ -85036,7 +97807,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85048,13 +97819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Managed Services Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 cves: cve-2021-4104: investigated: false @@ -85062,11 +97833,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85078,13 +97849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Mobile App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 cves: cve-2021-4104: investigated: false @@ -85096,8 +97867,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85109,13 +97879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VariSeed + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 cves: cve-2021-4104: investigated: false @@ -85127,7 +97897,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85139,13 +97909,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Velocity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 cves: cve-2021-4104: investigated: false @@ -85157,7 +97927,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85169,13 +97939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VitalBeam radiotherapy system + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 cves: cve-2021-4104: investigated: false @@ -85187,7 +97957,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85199,13 +97969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Vitesse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 cves: cve-2021-4104: investigated: false @@ -85217,7 +97987,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85229,13 +97999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX cves: cve-2021-4104: investigated: false @@ -85243,11 +98013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85259,13 +98029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 cves: cve-2021-4104: investigated: false @@ -85273,11 +98043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85289,13 +98059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: VArmour - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 cves: cve-2021-4104: investigated: false @@ -85303,10 +98073,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85318,13 +98089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varnish Software - product: '' + - vendor: Xerox + product: WorkCentre 6025 cves: cve-2021-4104: investigated: false @@ -85332,10 +98103,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85347,13 +98119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varonis - product: '' + - vendor: Xerox + product: WorkCentre 6400 cves: cve-2021-4104: investigated: false @@ -85361,10 +98133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85376,13 +98149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Veeam - product: '' + - vendor: Xerox + product: WorkCentre 6515 cves: cve-2021-4104: investigated: false @@ -85390,10 +98163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85405,13 +98179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veeam.com/kb4254 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Venafi - product: '' + - vendor: Xerox + product: WorkCentre 6605 cves: cve-2021-4104: investigated: false @@ -85419,10 +98193,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85434,13 +98209,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Veritas NetBackup - product: '' + - vendor: Xerox + product: WorkCentre 6655 cves: cve-2021-4104: investigated: false @@ -85448,10 +98223,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85463,13 +98239,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veritas.com/content/support/en_US/article.100052070 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Vertica - product: '' + - vendor: Xerox + product: WorkCentre 7425 cves: cve-2021-4104: investigated: false @@ -85477,10 +98253,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85492,16 +98269,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Video Insight Inc. - product: Video Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -85510,25 +98287,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability - notes: Video Insight is a part of Panasonic I-Pro. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Viso Trust - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 cves: cve-2021-4104: investigated: false @@ -85536,10 +98313,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85551,13 +98329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: VMware - product: API Portal for VMware Tanzu + - vendor: Xerox + product: WorkCentre 7535 cves: cve-2021-4104: investigated: false @@ -85566,10 +98344,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85581,13 +98359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: App Metrics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 cves: cve-2021-4104: investigated: false @@ -85596,10 +98374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85611,13 +98389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Healthwatch for Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 cves: cve-2021-4104: investigated: false @@ -85626,11 +98404,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85642,13 +98419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Single Sign-On for VMware Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 cves: cve-2021-4104: investigated: false @@ -85657,10 +98434,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85672,13 +98449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 cves: cve-2021-4104: investigated: false @@ -85687,10 +98464,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85702,13 +98479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i cves: cve-2021-4104: investigated: false @@ -85717,10 +98494,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85732,13 +98509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Services for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX cves: cve-2021-4104: investigated: false @@ -85747,10 +98524,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85762,13 +98539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services cves: cve-2021-4104: investigated: false @@ -85777,12 +98554,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85794,14 +98569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery cves: cve-2021-4104: investigated: false @@ -85810,11 +98584,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85826,14 +98599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Carbon Black Cloud Workload Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 cves: cve-2021-4104: investigated: false @@ -85842,10 +98614,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85857,13 +98629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Carbon Black EDR Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 cves: cve-2021-4104: investigated: false @@ -85872,11 +98644,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85888,13 +98659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Cloud Foundation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 cves: cve-2021-4104: investigated: false @@ -85903,11 +98674,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85919,13 +98689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware HCX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 cves: cve-2021-4104: investigated: false @@ -85934,11 +98704,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85950,13 +98719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 cves: cve-2021-4104: investigated: false @@ -85965,11 +98734,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85981,13 +98749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Horizon Cloud Connector + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press cves: cve-2021-4104: investigated: false @@ -85996,11 +98764,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86012,13 +98779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon DaaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications cves: cve-2021-4104: investigated: false @@ -86027,11 +98794,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.1.x - - 9.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86043,13 +98809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Identity Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 cves: cve-2021-4104: investigated: false @@ -86058,10 +98824,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86073,13 +98839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware NSX-T Data Centern + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 cves: cve-2021-4104: investigated: false @@ -86088,11 +98854,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86104,13 +98869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Site Recovery Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 cves: cve-2021-4104: investigated: false @@ -86119,10 +98884,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86134,13 +98899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Application Service for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand cves: cve-2021-4104: investigated: false @@ -86149,10 +98914,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86164,13 +98929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu GemFire + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer cves: cve-2021-4104: investigated: false @@ -86179,11 +98944,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.x - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86195,13 +98959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Greenplum + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 cves: cve-2021-4104: investigated: false @@ -86210,10 +98974,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86225,13 +98989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Kubernetes Grid Integrated Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 cves: cve-2021-4104: investigated: false @@ -86240,10 +99004,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86255,13 +99019,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Observability by Wavefront Nozzle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A cves: cve-2021-4104: investigated: false @@ -86270,11 +99034,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86286,13 +99049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Operations Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services cves: cve-2021-4104: investigated: false @@ -86301,10 +99064,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86316,13 +99079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu SQL with MySQL for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX cves: cve-2021-4104: investigated: false @@ -86331,11 +99094,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86347,13 +99109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Telco Cloud Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 cves: cve-2021-4104: investigated: false @@ -86362,11 +99124,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86378,13 +99139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Unified Access Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A cves: cve-2021-4104: investigated: false @@ -86393,12 +99154,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86410,13 +99169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vCenter Cloud Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 cves: cve-2021-4104: investigated: false @@ -86425,10 +99184,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86440,13 +99199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk cves: cve-2021-4104: investigated: false @@ -86455,11 +99214,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86471,13 +99229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Lifecycle Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) cves: cve-2021-4104: investigated: false @@ -86486,10 +99244,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86501,13 +99259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Log Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press cves: cve-2021-4104: investigated: false @@ -86516,10 +99274,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86531,13 +99289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 cves: cve-2021-4104: investigated: false @@ -86546,10 +99304,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86561,13 +99319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations Cloud Proxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience cves: cve-2021-4104: investigated: false @@ -86576,10 +99334,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Any + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86591,13 +99349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Orchestrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application cves: cve-2021-4104: investigated: false @@ -86606,11 +99364,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86622,13 +99379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 cves: cve-2021-4104: investigated: false @@ -86637,11 +99394,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86653,13 +99409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 cves: cve-2021-4104: investigated: false @@ -86668,12 +99424,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x - - 19.03.0.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86685,16 +99439,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VTScada - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -86703,25 +99457,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vtscada.com/vtscada-unaffected-by-log4j/ - notes: Java is not utilized within VTScada software, and thus our users are unaffected. + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Vyaire - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 cves: cve-2021-4104: investigated: false @@ -86729,10 +99483,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86744,13 +99499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WAGO - product: WAGO Smart Script + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform cves: cve-2021-4104: investigated: false @@ -86759,10 +99514,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.2.x < 4.8.1.3 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86774,13 +99529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wago.com/de/automatisierungstechnik/psirt#log4j + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Wallarm - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk cves: cve-2021-4104: investigated: false @@ -86788,10 +99543,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86803,13 +99559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wasp Barcode technologies - product: '' + - vendor: Xerox + product: Xerox Workplace Suite cves: cve-2021-4104: investigated: false @@ -86817,10 +99573,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86832,13 +99589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: Secplicity + - vendor: Xerox + product: Xerox Workspace Cloud cves: cve-2021-4104: investigated: false @@ -86846,10 +99603,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86861,13 +99619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Western Digital - product: '' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP cves: cve-2021-4104: investigated: false @@ -86875,10 +99633,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86890,13 +99649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WIBU Systems - product: CodeMeter Cloud Lite + - vendor: Xerox + product: XMPie Omnichannel Communications cves: cve-2021-4104: investigated: false @@ -86905,10 +99664,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.2 and prior + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86920,13 +99679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print cves: cve-2021-4104: investigated: false @@ -86935,10 +99694,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.30 and prior + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86950,286 +99709,245 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Wind River - product: LTS17 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XPertDoc + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS18 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XPLG + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/ notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS19 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XWIKI + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS21 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xylem + product: Aquatalk cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wind River - product: WRL-6 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Avensor cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-7 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Configuration change complete cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-8 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Analytics cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-9 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: WireShark - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: investigated: false @@ -87252,13 +99970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wistia - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus FieldLogic LogServer cves: cve-2021-4104: investigated: false @@ -87281,13 +99999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.wistia.com/incidents/jtg0dfl5l224 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WitFoo - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Lighting Control cves: cve-2021-4104: investigated: false @@ -87310,13 +100028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WordPress - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -87339,13 +100057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Worksphere - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus RNI On Prem cves: cve-2021-4104: investigated: false @@ -87353,8 +100071,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -87368,13 +100089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wowza - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -87382,8 +100103,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -87397,13 +100121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WSO2 - product: WSO2 Enterprise Integrator + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -87411,9 +100135,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.1.0 and above + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -87427,13 +100150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XCP-ng - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -87456,13 +100179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XenForo - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false @@ -87485,13 +100208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Xerox - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Xylem Cloud cves: cve-2021-4104: investigated: false @@ -87514,13 +100237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XPertDoc - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Xylem Edge Gateway (xGW) cves: cve-2021-4104: investigated: false @@ -87543,12 +100266,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XPLG + - vendor: Yellowbrick product: '' cves: cve-2021-4104: @@ -87572,13 +100329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/ + - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XWIKI - product: '' + - vendor: YellowFin + product: All cves: cve-2021-4104: investigated: false @@ -87586,10 +100343,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -87601,13 +100390,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Xylem - product: Aquatalk + - vendor: YOKOGAWA + product: CENTUM VP cves: cve-2021-4104: investigated: false @@ -87630,13 +100420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf - notes: '' + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Avensor + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -87644,10 +100434,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87659,13 +100450,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf - notes: '' + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Configuration change complete + - vendor: YOKOGAWA + product: CI Server cves: cve-2021-4104: investigated: false @@ -87673,10 +100465,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87688,13 +100481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Analytics + - vendor: YOKOGAWA + product: Exaopc cves: cve-2021-4104: investigated: false @@ -87702,10 +100495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87717,13 +100511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Automation Control Configuration change complete + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -87731,10 +100525,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87746,13 +100541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + - vendor: YOKOGAWA + product: Exaquantum cves: cve-2021-4104: investigated: false @@ -87760,10 +100555,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87775,13 +100571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus FieldLogic LogServer + - vendor: YOKOGAWA + product: FAST/TOOLS cves: cve-2021-4104: investigated: false @@ -87789,10 +100585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87804,13 +100601,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Lighting Control + - vendor: YOKOGAWA + product: PRM cves: cve-2021-4104: investigated: false @@ -87818,10 +100615,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87833,13 +100631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + - vendor: YOKOGAWA + product: ProSafe-RS cves: cve-2021-4104: investigated: false @@ -87847,10 +100645,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87862,13 +100661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus RNI On Prem + - vendor: YOKOGAWA + product: ProSafe-RS Lite cves: cve-2021-4104: investigated: false @@ -87877,12 +100676,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87894,13 +100691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus RNI Saas + - vendor: YOKOGAWA + product: STARDOM cves: cve-2021-4104: investigated: false @@ -87909,12 +100706,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87926,13 +100721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus SCS + - vendor: YOKOGAWA + product: VTSPortal cves: cve-2021-4104: investigated: false @@ -87940,10 +100735,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87955,13 +100751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Smart Irrigation + - vendor: YSoft + product: SAFEQ 4 cves: cve-2021-4104: investigated: false @@ -87969,10 +100765,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87984,13 +100781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Water Loss Management (Visenti) + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 cves: cve-2021-4104: investigated: false @@ -87998,10 +100795,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -88013,13 +100842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Xylem Cloud + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Zabbix + product: '' cves: cve-2021-4104: investigated: false @@ -88042,13 +100871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Xylem Edge Gateway (xGW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ZAMMAD + product: '' cves: cve-2021-4104: investigated: false @@ -88071,12 +100900,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Yellowbrick + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zaproxy product: '' cves: cve-2021-4104: @@ -88100,12 +100929,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability + - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: YellowFin + - vendor: Zebra product: '' cves: cve-2021-4104: @@ -88129,23 +100958,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: YOKOGAWA - product: '' + - vendor: Zeiss + product: Cataract Suite cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -88158,23 +100989,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.6, 1.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -88187,23 +101020,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Zabbix - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88216,23 +101051,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ZAMMAD - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88245,23 +101082,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Zaproxy - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88274,23 +101113,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Zebra - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.5.x, 2.6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88303,11 +101144,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: @@ -88400,34 +101241,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -88515,29 +101459,66 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' @@ -88632,13 +101613,80 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -88647,15 +101695,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: '' diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f569214..17499a2 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,6 +475,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5cb247d..8368b2e 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -216,10 +216,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +236,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: @@ -245,9 +246,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -264,7 +266,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Outlook® Safety Infusion System Pump family cves: @@ -274,10 +276,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +296,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pinnacle® Compounder cves: @@ -303,10 +306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -322,7 +326,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pump, SpaceStation, and Space® Wireless Battery) cves: @@ -332,10 +336,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +356,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion @@ -362,10 +367,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -381,7 +387,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: @@ -760,7 +766,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: '' + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -768,10 +774,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -787,7 +824,2018 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 696782e..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -129,10 +129,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -145,10 +146,10 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -158,10 +159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -177,9 +179,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -187,10 +189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -206,7 +209,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -216,10 +219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -245,10 +249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -264,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -274,10 +279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -303,10 +309,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -322,9 +359,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -332,10 +369,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +419,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index f8738da..3bd65f6 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -89,8 +89,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -244,8 +244,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + notes: DMS Web Player not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -588,7 +588,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: DarkTrace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -612,12 +612,13 @@ software: unaffected_versions: [] vendor_links: - https://customerportal.darktrace.com/inside-the-soc/get-article/201 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -641,12 +642,13 @@ software: unaffected_versions: [] vendor_links: - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -678,10 +680,11 @@ software: product: Datadog Agent cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -703,12 +706,75 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: '' + notes: JMX monitoring component leverages an impacted version of log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version + of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -766,7 +832,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -794,8 +860,41 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: dCache.org - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -824,18 +923,20 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian - product: '' + product: Apache-log4j.1.2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -852,19 +953,21 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Deepinstinct - product: '' + - vendor: Debian + product: Apache-log4j2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -876,55 +979,191 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + - vendor: Decos + product: Cloud cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -936,35 +1175,529 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available + on our WIKI. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). + Mitigating actions taken. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Deepinstinct + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dell + product: Alienware Command Center + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware OC Controls + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware On Screen Display + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware Update + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Console + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Data Storage Services + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patch in progress. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Atmos + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Avamar vproxy + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Powered Calibration Firmware + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Ready for Dell + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Centera + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chameleon Linux Based Diagnostics + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chassis Management Controller (CMC) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: China HDD Deluxe cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -972,7 +1705,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware OC Controls + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, + XPS, Vostro, ChengMing) BIOS cves: cve-2021-4104: investigated: false @@ -984,7 +1718,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1002,59 +1736,65 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware On Screen Display + product: Cloud IQ cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware Update + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1062,88 +1802,98 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: Cloud Tiering Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Data Storage Services + product: CloudIQ Collector cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Atmos + product: Common Event Enabler cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1151,29 +1901,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1181,70 +1934,71 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Powered Calibration Firmware + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: Versions prior to 11.5(1x) fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21. references: - - '' + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Ready for Dell + product: Connectrix B-Series SANnav cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2/28/2022. references: - - '' + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Centera + product: Connextrix B Series cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1253,14 +2007,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1271,7 +2025,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chameleon Linux Based Diagnostics + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -1283,7 +2037,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1301,7 +2055,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chassis Management Controller (CMC) + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -1313,7 +2067,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1331,7 +2085,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: China HDD Deluxe + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -1340,10 +2094,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1356,12 +2110,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - - '' + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -1369,10 +2123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1385,12 +2140,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -1402,7 +2157,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1420,7 +2175,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -1432,7 +2187,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1450,7 +2205,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -1462,7 +2217,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1480,7 +2235,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -1488,10 +2243,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1504,12 +2260,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix B-Series SANnav + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -1518,10 +2274,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1534,12 +2290,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connextrix B Series + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -1551,7 +2307,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1569,7 +2325,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -1581,7 +2337,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1599,7 +2355,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -1611,7 +2367,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1629,7 +2385,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -1638,10 +2394,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1654,12 +2410,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -1671,7 +2427,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1689,7 +2445,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-J + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -1701,7 +2457,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1719,7 +2475,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Micro Edition Suite + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -1731,7 +2487,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1749,7 +2505,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Calibration Assistant + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -1761,7 +2517,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1779,7 +2535,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cinema Color + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -1791,7 +2547,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1809,7 +2565,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Command Repository Manager + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -1821,7 +2577,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1839,7 +2595,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Management Agent + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -1851,7 +2607,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1869,7 +2625,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Color Management + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -1881,7 +2637,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1899,7 +2655,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Configure + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -1911,7 +2667,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1929,7 +2685,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Integration Suite for System Center + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -1941,7 +2697,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1959,7 +2715,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Intel vPro Out of Band + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -1971,7 +2727,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1989,7 +2745,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Monitor + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -2001,7 +2757,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2019,7 +2775,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Power Manager + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -2031,7 +2787,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2049,7 +2805,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command PowerShell Provider + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -2061,7 +2817,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2079,7 +2835,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Update + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2091,7 +2847,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2109,7 +2865,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Customer Connect + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2121,7 +2877,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2139,7 +2895,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Guardian* + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -2151,7 +2907,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2169,7 +2925,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Protection* + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -2178,10 +2934,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2194,12 +2954,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21. references: - - '' + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Recovery Environment + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -2209,9 +2969,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2224,12 +2984,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - - '' + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -2238,10 +2998,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions from 19.6 and later fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2254,12 +3014,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - - '' + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault for Chrome OS + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -2271,7 +3031,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2289,7 +3049,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Deployment Agent + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -2301,7 +3061,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2319,7 +3079,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Digital Delivery + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -2331,7 +3091,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2349,7 +3109,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Direct USB Key + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -2361,7 +3121,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2379,7 +3139,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -2389,9 +3149,16 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.x (or earlier) -standalone DPA is EOSL + - 18.2.x (IDPA) + - 19.1.x + - 19.2.x + - 19.3.x + - 19.4.x + - 19.5.x + - 19.6.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2406,10 +3173,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - - '' + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -2419,9 +3186,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.2.x-19.4.x + - 19.5.0-19.5.0.7 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2434,12 +3202,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-269 references: - - '' + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC AppSync + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -2448,10 +3216,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 19.6 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2464,12 +3232,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-279 references: - - '' + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -2478,10 +3246,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2494,12 +3262,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC BSN Controller Node + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -2507,10 +3275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2523,12 +3292,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -2538,7 +3307,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - <6.0.0 + - 6.1.0 + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2553,12 +3324,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-278 references: - - '' + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloudboost + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -2570,7 +3341,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2588,7 +3359,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC CloudLink + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -2597,10 +3368,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2613,12 +3384,15 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. See DSA-2021-307. references: - - '' + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Container Storage Modules + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -2627,10 +3401,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2643,12 +3417,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2022-01-31. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -2660,7 +3434,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2678,7 +3452,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Advisor + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -2690,7 +3464,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2708,7 +3482,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Central + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -2716,8 +3490,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Versions before 7.0.1 P2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2732,12 +3507,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: See DSA-2021-308 references: - - '' + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: Dell EMC NetWorker cves: cve-2021-4104: investigated: false @@ -2747,7 +3522,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions before 19.5.0.7 + - 19.4.x + - 19.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2762,12 +3538,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC DataIQ + product: Dell EMC NetWorker VE cves: cve-2021-4104: investigated: false @@ -2776,10 +3552,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.4.x + - 19.5.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2792,12 +3569,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -2809,7 +3586,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2827,7 +3604,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -2835,10 +3612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2851,12 +3629,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -2865,10 +3643,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2881,12 +3659,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Dell EMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -2895,10 +3673,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Version 1.2 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2911,12 +3689,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -2925,10 +3703,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2941,16 +3719,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -2959,10 +3733,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2975,12 +3749,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -2992,7 +3766,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3010,7 +3784,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -3022,7 +3797,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3040,7 +3815,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -3050,7 +3825,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.x + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3065,12 +3840,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: See DSA-2021-293. references: - - '' + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -3080,7 +3855,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - RCM 3.3 train - all versions up to 3.3.11.0 + - RCM 3.4 train - all versions up to 3.4.6.0 + - RCM 3.5 train - all versions up to 3.5.6.0 + - RCM 3.6 train - all versions up to 3.6.2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3095,12 +3873,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: See DSA-2021-292. references: - - '' + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -3110,7 +3888,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - '3.5' + - 3.5.1 + - 3.5.1.1 + - 3.5.1.2 + - 3.5.1.3 + - 3.5.1.4 + - '3.6' + - 3.6.0.1 + - 3.6.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3125,12 +3911,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: See DSA-2021-272. references: - - '' + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -3142,7 +3928,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3160,7 +3946,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -3169,10 +3955,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3185,12 +3971,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -3202,7 +3988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3220,7 +4006,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -3229,10 +4015,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3245,12 +4031,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-286. references: - - '' + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -3259,10 +4045,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3275,12 +4061,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA 2021-285. references: - - '' + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -3292,7 +4078,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3310,8 +4096,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -3323,7 +4108,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3341,7 +4126,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -3350,11 +4135,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3367,12 +4151,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -3381,10 +4165,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3397,12 +4181,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -3412,7 +4196,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - Versions before 2.0.1.3-1538564 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3427,12 +4211,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-295. references: - - '' + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC PowerSwitch Z9264F-ON BMC cves: cve-2021-4104: investigated: false @@ -3444,7 +4228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3462,7 +4246,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC PowerSwitch Z9432F-ON BMC cves: cve-2021-4104: investigated: false @@ -3474,7 +4258,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3492,7 +4276,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3504,7 +4288,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3522,7 +4306,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Dell EMC RecoverPoint cves: cve-2021-4104: investigated: false @@ -3532,7 +4316,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions 19.9 and earlier + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3547,12 +4331,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA 2021-284. references: - - '' + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -3561,10 +4345,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.7.0 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3577,12 +4361,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -3592,9 +4376,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3607,12 +4391,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -3622,9 +4406,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3637,12 +4421,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -3651,10 +4435,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3667,12 +4451,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -3684,7 +4468,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3702,7 +4486,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: Dell EMC SRM cves: cve-2021-4104: investigated: false @@ -3710,9 +4494,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions before 4.6.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3726,12 +4511,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-301. references: - - '' + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -3740,10 +4525,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '1.1' + - '1.2' + - 1.2 HF1 + - '1.3' + - 1.3.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3756,12 +4545,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-297. references: - - '' + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -3773,7 +4562,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3791,7 +4580,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -3800,10 +4589,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3816,12 +4605,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -3830,9 +4619,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.0.x and later versions - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3846,12 +4635,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-294. references: - - '' + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -3863,7 +4652,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3881,7 +4670,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -3889,10 +4678,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3905,12 +4695,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Dell EMC vProtect cves: cve-2021-4104: investigated: false @@ -3918,8 +4708,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 19.5-19.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3934,12 +4725,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: See DSA-2022-007. references: - - '' + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -3947,8 +4738,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.5.x + - 4.7.x + - 7.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3963,12 +4757,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: See DSA-2021-265. references: - - '' + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC XC cves: cve-2021-4104: investigated: false @@ -3977,10 +4771,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3993,12 +4787,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-311. references: - - '' + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -4007,10 +4801,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4023,12 +4817,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -4036,10 +4830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4052,12 +4847,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -4069,7 +4864,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4087,7 +4882,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -4099,7 +4894,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4117,7 +4912,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -4125,10 +4920,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4141,12 +4937,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -4158,7 +4954,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4176,7 +4972,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -4188,7 +4984,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4206,7 +5002,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -4215,10 +5011,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4231,12 +5027,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell Memory Solutions cves: cve-2021-4104: investigated: false @@ -4248,7 +5044,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4266,7 +5062,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -4278,7 +5074,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4296,7 +5092,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -4308,7 +5104,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4326,7 +5122,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -4338,7 +5134,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4356,7 +5152,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -4368,7 +5164,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4386,7 +5182,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -4398,7 +5194,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4416,7 +5212,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -4425,10 +5221,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 3.8.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4441,12 +5237,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-275 references: - - '' + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell OpenManage Enterprise CloudIQ plugin cves: cve-2021-4104: investigated: false @@ -4458,7 +5254,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4476,7 +5272,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell OpenManage Enterprise Modular cves: cve-2021-4104: investigated: false @@ -4485,10 +5281,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4501,12 +5297,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - - '' + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -4518,7 +5314,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4536,7 +5332,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -4548,7 +5344,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4566,7 +5362,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -4578,7 +5374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4596,7 +5392,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -4608,7 +5404,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4626,7 +5422,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -4638,7 +5434,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4656,7 +5452,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -4665,10 +5461,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.40.10 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4681,12 +5477,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -4698,7 +5494,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4716,7 +5512,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -4728,7 +5524,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4746,7 +5542,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -4758,7 +5554,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4776,7 +5572,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -4788,7 +5584,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4806,7 +5602,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -4818,7 +5614,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4836,7 +5632,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -4848,7 +5644,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4866,7 +5662,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -4878,7 +5674,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4896,7 +5692,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -4908,7 +5704,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4926,7 +5722,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -4938,7 +5734,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4956,7 +5752,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -4968,7 +5764,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4986,7 +5782,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -4998,7 +5794,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5016,7 +5812,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -5028,7 +5824,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5046,7 +5842,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -5058,7 +5854,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5076,7 +5872,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -5088,7 +5884,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5106,7 +5902,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -5118,7 +5914,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5136,7 +5932,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -5148,7 +5944,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5166,7 +5962,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell Update cves: cve-2021-4104: investigated: false @@ -5178,7 +5974,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5196,7 +5992,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -5208,7 +6004,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5226,7 +6022,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -5238,7 +6034,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5256,7 +6052,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -5268,7 +6064,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5286,7 +6082,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: ECS cves: cve-2021-4104: investigated: false @@ -5296,9 +6092,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 3.3.x + - 3.4.x + - 3.5.x + - 3.6.0.x + - 3.6.1.x + - 3.6.2.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5311,12 +6112,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-273. references: - - '' + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -5328,7 +6129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5346,7 +6147,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -5354,10 +6155,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5370,12 +6172,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -5387,7 +6189,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5400,12 +6202,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-270. references: - - '' + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -5417,7 +6219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5435,7 +6237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -5447,7 +6249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5465,7 +6267,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -5477,7 +6279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5495,7 +6297,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -5507,7 +6309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5525,7 +6327,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -5533,10 +6335,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5549,12 +6352,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -5566,7 +6369,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5584,7 +6387,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -5596,7 +6399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5614,7 +6417,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: ISG Drive & Storage Media cves: cve-2021-4104: investigated: false @@ -5626,7 +6429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5644,7 +6447,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -5656,7 +6459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5674,7 +6477,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -5686,7 +6489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5704,7 +6507,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -5716,7 +6519,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5734,7 +6537,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: MDS cves: cve-2021-4104: investigated: false @@ -5746,7 +6549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5764,7 +6567,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: My Dell cves: cve-2021-4104: investigated: false @@ -5776,7 +6579,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5794,7 +6597,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -5806,7 +6609,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5824,7 +6627,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -5836,7 +6639,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5854,7 +6657,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -5866,7 +6669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5884,7 +6687,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -5896,7 +6699,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5914,7 +6717,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -5926,7 +6729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5944,7 +6747,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -5956,7 +6759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5974,7 +6777,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Networking OS 9 cves: cve-2021-4104: investigated: false @@ -5986,7 +6789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6004,7 +6807,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -6016,7 +6819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6034,7 +6837,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -6046,7 +6849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6064,7 +6867,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -6076,7 +6879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6094,7 +6897,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -6106,7 +6909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6124,7 +6927,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: OMNIA cves: cve-2021-4104: investigated: false @@ -6136,7 +6939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6154,7 +6957,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -6166,7 +6969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6184,7 +6987,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -6196,7 +6999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6214,7 +7017,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -6226,7 +7030,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6244,7 +7048,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -6256,7 +7060,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6274,7 +7078,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -6286,7 +7090,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6304,7 +7108,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: OpenManage Power Center cves: cve-2021-4104: investigated: false @@ -6312,10 +7116,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6328,13 +7133,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -6346,7 +7150,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6364,7 +7168,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -6376,7 +7180,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6394,7 +7198,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -6406,7 +7210,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6424,7 +7228,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: PowerEdge Accelerator Solutions cves: cve-2021-4104: investigated: false @@ -6436,7 +7240,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6454,7 +7258,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -6466,7 +7270,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6484,7 +7288,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: PowerEdge Networking Solutions cves: cve-2021-4104: investigated: false @@ -6496,7 +7300,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6514,7 +7318,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -6526,7 +7330,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6544,7 +7348,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: PowerEdge RAID Controller Solutions cves: cve-2021-4104: investigated: false @@ -6556,7 +7360,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6586,7 +7390,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6616,7 +7420,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6646,7 +7450,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6676,7 +7480,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6706,7 +7510,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6736,7 +7540,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6766,7 +7570,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6796,7 +7600,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6826,7 +7630,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6871,10 +7675,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-282 references: - - '' + - '[]' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -6883,10 +7687,41 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' + affected_versions: [] + fixed_versions: + - 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 + references: + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.00.00.10 + - 5.00.05.10 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6901,7 +7736,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-281 references: - - '' + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Server Storage @@ -6916,7 +7751,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6946,7 +7781,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6976,7 +7811,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7006,7 +7841,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7036,7 +7871,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7066,7 +7901,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7096,7 +7931,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7126,7 +7961,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7153,9 +7988,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7169,9 +8004,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-287. references: - - '' + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: SRS VE @@ -7186,7 +8021,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7212,8 +8047,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 16.x + - 17.x + - 18.x + - 19.x + - 20.1.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7228,9 +8068,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-310. references: - - '' + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Storage Center OS and additional SC applications unless otherwise noted @@ -7245,7 +8085,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7275,7 +8115,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7305,7 +8145,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7331,8 +8171,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.0.70 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7347,9 +8188,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-283. references: - - '' + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: UCC Edge @@ -7364,7 +8205,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7390,9 +8231,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions before 4.0 SP 9.2 (4.0.9.1541235) unaffected_versions: [] cve-2021-45046: investigated: false @@ -7406,9 +8248,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: See DSA-2021-296. references: - - '' + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Unisphere for PowerMax @@ -7423,7 +8265,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7453,7 +8295,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7483,7 +8325,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7513,7 +8355,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7543,7 +8385,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7569,8 +8411,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7585,9 +8428,10 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: ViPR Controller @@ -7602,7 +8446,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7630,7 +8474,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7660,7 +8504,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7680,7 +8524,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: VNX Control Station cves: cve-2021-4104: investigated: false @@ -7692,7 +8536,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7710,7 +8554,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: VNX1 cves: cve-2021-4104: investigated: false @@ -7722,7 +8566,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7740,7 +8584,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: VNX2 cves: cve-2021-4104: investigated: false @@ -7749,10 +8593,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7765,12 +8609,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -7779,9 +8623,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 3.1.16.10220572 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -7795,12 +8639,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-299 references: - - '' + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -7810,9 +8654,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - Version 3.1.15.10216415 and earlier + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -7825,12 +8669,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-298 references: - - '' + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -7838,10 +8682,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7854,12 +8699,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -7868,9 +8713,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7884,9 +8729,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-290. references: - - '' + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage @@ -7898,9 +8743,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7914,9 +8759,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: See DSA-2021-300. references: - - '' + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRO Plugin for Dell EMC PowerMax @@ -7928,9 +8773,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Version 1.2.3 or earlier - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -7958,9 +8803,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Version 1.1.0 or earlier - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -8081,7 +8926,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8107,7 +8952,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -8123,9 +8968,10 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Warnado MLK (firmware) @@ -8140,7 +8986,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8167,9 +9013,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8185,7 +9031,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-267 references: - - '' + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Wyse Proprietary OS (ThinOS) @@ -8200,7 +9046,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8230,7 +9076,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8278,7 +9124,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Denequa - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8307,7 +9153,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8315,10 +9161,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8336,7 +9183,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions - product: All products + product: All cves: cve-2021-4104: investigated: false @@ -8344,10 +9191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8365,7 +9213,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8402,10 +9250,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8431,10 +9280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8460,10 +9310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8489,10 +9340,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8518,10 +9370,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8547,10 +9400,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8576,10 +9430,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8605,10 +9460,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8634,10 +9490,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8663,10 +9520,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8692,10 +9550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8721,10 +9580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8750,10 +9610,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8779,10 +9640,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8808,10 +9670,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8837,10 +9700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8866,10 +9730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8895,10 +9760,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8924,10 +9790,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8953,10 +9820,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8982,10 +9850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9011,10 +9880,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9040,10 +9910,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9069,10 +9940,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9098,10 +9970,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9127,10 +10000,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9156,10 +10030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9185,10 +10060,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9214,10 +10090,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9243,10 +10120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9272,10 +10150,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9301,10 +10180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9330,10 +10210,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9359,10 +10240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9388,10 +10270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9417,10 +10300,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9446,10 +10330,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9475,10 +10360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9504,10 +10390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9525,7 +10412,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digicert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9554,7 +10441,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9611,8 +10498,38 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: DNSFilter - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9641,7 +10558,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker - product: '' + product: Infrastructure cves: cve-2021-4104: investigated: false @@ -9649,10 +10566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9665,12 +10583,13 @@ software: unaffected_versions: [] vendor_links: - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ - notes: '' + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. + For more info see source. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9698,9 +10617,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + - vendor: DotCMS + product: Hybrid Content Management System cves: cve-2021-4104: investigated: false @@ -9708,10 +10626,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/dotCMS/core/issues/21393 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DrayTek + product: All + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9728,8 +10677,68 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dräger + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://static.draeger.com/security + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: DSpace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9766,9 +10775,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9787,7 +10797,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -9795,10 +10805,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Extensions + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -9824,9 +10865,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9853,10 +10895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9882,10 +10925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9911,9 +10955,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9940,9 +10985,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -9969,9 +11015,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 1578987..687ac2d 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4524,7 +4524,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4532,10 +4532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4551,7 +4552,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam product: '' cves: diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 8598911..adcaaab 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2033,6 +2033,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 88012b6..65b7c07 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -66,6 +66,549 @@ software: last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Asset Performance Management (APM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Genesys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoServer + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghidra + product: All cves: cve-2021-4104: investigated: false @@ -88,13 +631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander cves: cve-2021-4104: investigated: false @@ -102,10 +645,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -117,14 +661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -132,9 +675,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <5.13.01.02 unaffected_versions: [] cve-2021-45046: investigated: false @@ -147,14 +691,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -162,9 +706,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -177,14 +722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server cves: cve-2021-4104: investigated: false @@ -192,9 +736,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -207,13 +755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All cves: cve-2021-4104: investigated: false @@ -221,10 +769,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -236,14 +785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -251,10 +799,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -266,13 +815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys - product: '' + - vendor: GitLab + product: Dependency Scanning cves: cve-2021-4104: investigated: false @@ -280,9 +829,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -295,13 +845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer - product: '' + - vendor: GitLab + product: Gemnasium-Maven cves: cve-2021-4104: investigated: false @@ -309,9 +859,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -324,13 +875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: GitLab + product: PMD OSS cves: cve-2021-4104: investigated: false @@ -338,9 +889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -353,13 +905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GitLab + product: SAST cves: cve-2021-4104: investigated: false @@ -367,9 +919,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -382,13 +935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra - product: '' + - vendor: GitLab + product: Spotbugs cves: cve-2021-4104: investigated: false @@ -396,9 +949,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -411,13 +965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager + - vendor: Globus + product: All cves: cve-2021-4104: investigated: false @@ -425,9 +979,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <5.13.01.02 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -441,14 +994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents cves: cve-2021-4104: investigated: false @@ -459,7 +1011,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -472,13 +1024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway cves: cve-2021-4104: investigated: false @@ -486,9 +1038,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -501,13 +1054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus - product: '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT cves: cve-2021-4104: investigated: false @@ -515,9 +1068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -530,13 +1084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Gateway + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -546,7 +1100,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.8.4 + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -561,12 +1115,12 @@ software: unaffected_versions: [] vendor_links: - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - notes: '' + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. references: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: MFT + product: Open PGP Studio cves: cve-2021-4104: investigated: false @@ -575,9 +1129,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -596,7 +1150,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: MFT Agents + product: Suveyor/400 cves: cve-2021-4104: investigated: false @@ -605,10 +1159,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -626,7 +1180,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -666,7 +1220,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -693,10 +1248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -723,10 +1279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -755,10 +1312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -785,10 +1343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -815,10 +1374,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -845,10 +1405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +1439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -908,10 +1470,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -938,10 +1501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -968,10 +1532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,10 +1563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,10 +1598,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1062,10 +1629,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1092,10 +1660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1127,10 +1696,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1160,10 +1730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,10 +1764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1223,10 +1795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,10 +1826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1283,10 +1857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1343,10 +1919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1373,10 +1950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1403,10 +1981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1433,10 +2012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1463,10 +2043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1493,10 +2074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1524,10 +2106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1554,10 +2137,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1584,10 +2168,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1614,10 +2199,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1644,10 +2230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1674,10 +2261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1707,10 +2295,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1737,10 +2326,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1772,10 +2362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1802,10 +2393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1832,10 +2424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1862,10 +2455,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1892,10 +2486,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1922,10 +2517,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1952,10 +2548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1982,10 +2579,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2015,10 +2613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2045,10 +2644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2075,10 +2675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2105,10 +2706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2135,10 +2737,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2165,10 +2768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2195,10 +2799,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2225,10 +2830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2255,10 +2861,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2285,10 +2892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2315,10 +2923,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2348,10 +2957,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2381,10 +2991,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2411,10 +3022,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2441,10 +3053,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2474,10 +3087,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2504,10 +3118,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2534,10 +3149,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2564,10 +3180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2594,10 +3211,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2624,10 +3242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2654,10 +3273,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2684,10 +3304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2714,10 +3335,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2744,10 +3366,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2774,10 +3397,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2804,10 +3428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2834,10 +3459,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2866,10 +3492,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2896,10 +3523,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2926,10 +3554,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2956,10 +3585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2988,10 +3618,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,10 +3652,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3051,10 +3683,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3085,10 +3718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3117,10 +3751,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3150,10 +3785,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3180,10 +3816,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3210,10 +3847,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3240,10 +3878,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3270,10 +3909,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3300,10 +3940,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3330,10 +3971,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3362,10 +4004,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3392,10 +4035,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3422,10 +4066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3452,10 +4097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3482,10 +4128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3512,10 +4159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3542,10 +4190,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3575,10 +4224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3605,10 +4255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3635,10 +4286,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3665,10 +4317,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3695,10 +4348,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3732,10 +4386,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3762,10 +4417,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3792,10 +4448,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3822,10 +4479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3855,10 +4513,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3885,10 +4544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3915,10 +4575,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3945,10 +4606,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3975,10 +4637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4005,10 +4668,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4038,10 +4702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4068,10 +4733,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4098,10 +4764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4128,10 +4795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4158,10 +4826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4188,10 +4857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4218,10 +4888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4248,10 +4919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4278,10 +4950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4308,10 +4981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4338,10 +5012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4368,10 +5043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4398,10 +5074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4428,10 +5105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4458,10 +5136,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4488,10 +5167,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4518,10 +5198,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4548,10 +5229,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4578,10 +5260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4608,10 +5291,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4630,7 +5314,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4638,10 +5322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4668,9 +5353,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 2021.3.6 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4698,9 +5383,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 10.1 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4728,9 +5413,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 1.6.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4749,7 +5434,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4757,10 +5442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4778,7 +5464,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5016,8 +5702,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5025,10 +5711,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5040,13 +5727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5054,9 +5741,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5069,8 +5760,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5084,9 +5777,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5105,7 +5798,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5113,10 +5806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5162,8 +5856,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.1.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index d58b98c..d50fefe 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Jamasoftware - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf - product: Jamf Pro + product: Jamf Cloud cves: cve-2021-4104: investigated: false @@ -43,9 +43,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.31.0 – 10.34.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -63,8 +63,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Janitza - product: GridVis + - vendor: Jamf + product: Jamf Connect cves: cve-2021-4104: investigated: false @@ -76,7 +76,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.82 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -88,13 +88,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy cves: cve-2021-4104: investigated: false @@ -102,10 +102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -117,13 +118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jedox - product: '' + - vendor: Jamf + product: Jamf Health Care Listener cves: cve-2021-4104: investigated: false @@ -131,10 +132,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -146,13 +148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: CI/CD Core + - vendor: Jamf + product: Jamf Infrastructure Manager cves: cve-2021-4104: investigated: false @@ -160,10 +162,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -174,13 +177,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: Plugins + - vendor: Jamf + product: Jamf Now cves: cve-2021-4104: investigated: false @@ -188,10 +192,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -203,14 +208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access cves: cve-2021-4104: investigated: false @@ -222,7 +226,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -234,13 +238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jetbrains - product: Code With Me + - vendor: Jamf + product: Jamf Pro (On-Prem) cves: cve-2021-4104: investigated: false @@ -251,7 +255,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 10.34.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -264,13 +268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Datalore + - vendor: Jamf + product: Jamf Protect cves: cve-2021-4104: investigated: false @@ -282,7 +286,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -294,13 +298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Floating license server + - vendor: Jamf + product: Jamf School cves: cve-2021-4104: investigated: false @@ -310,9 +314,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '30211' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -324,13 +328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Gateway + - vendor: Jamf + product: Jamf Threat Defense cves: cve-2021-4104: investigated: false @@ -342,7 +346,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -354,13 +358,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Hub + - vendor: Janitza + product: GridVis cves: cve-2021-4104: investigated: false @@ -370,9 +374,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.1.14080 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 8.0.82 cve-2021-45046: investigated: false affected_versions: [] @@ -384,15 +388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://www.janitza.com/us/gridvis-download.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: All cves: cve-2021-4104: investigated: false @@ -400,11 +402,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -416,13 +417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Kotlin + - vendor: Java Melody + product: All cves: cve-2021-4104: investigated: false @@ -432,9 +433,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - 1.90.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -446,13 +447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Ktor + - vendor: Jedox + product: All cves: cve-2021-4104: investigated: false @@ -460,11 +461,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -476,13 +476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jedox.com/en/trust/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: MPS + - vendor: Jenkins + product: CI cves: cve-2021-4104: investigated: false @@ -494,7 +494,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -506,13 +506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Space + - vendor: Jenkins + product: CI/CD Core cves: cve-2021-4104: investigated: false @@ -524,7 +524,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -536,13 +536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: TeamCity + - vendor: Jenkins + product: Plugins cves: cve-2021-4104: investigated: false @@ -550,11 +550,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -566,13 +565,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + last_updated: '2021-12-16T00:00:00' - vendor: JetBrains - product: ToolBox + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -584,7 +584,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -601,8 +601,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: UpSource + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -613,7 +613,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -632,7 +632,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: YouTrack InCloud + product: Datalore cves: cve-2021-4104: investigated: false @@ -642,9 +642,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -662,7 +662,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: YouTrack Standalone + product: Floating License Server cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - '30241' unaffected_versions: [] cve-2021-45046: investigated: false @@ -686,13 +686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JFROG - product: '' + - vendor: JetBrains + product: Gateway cves: cve-2021-4104: investigated: false @@ -700,10 +700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -715,13 +716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitsi - product: '' + - vendor: JetBrains + product: Hub cves: cve-2021-4104: investigated: false @@ -729,9 +730,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -744,13 +746,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitterbit - product: '' + - vendor: JetBrains + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -758,10 +762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -773,13 +778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Johnson Controls - product: BCPro + - vendor: JetBrains + product: Kotlin cves: cve-2021-4104: investigated: false @@ -791,7 +796,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -803,13 +808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor cves: cve-2021-4104: investigated: false @@ -821,7 +826,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -833,13 +838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -851,7 +856,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -863,13 +868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space cves: cve-2021-4104: investigated: false @@ -881,7 +886,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -893,13 +898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity cves: cve-2021-4104: investigated: false @@ -911,7 +916,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -923,13 +928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://youtrack.jetbrains.com/issue/TW-74298 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox cves: cve-2021-4104: investigated: false @@ -941,7 +946,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -953,13 +958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource cves: cve-2021-4104: investigated: false @@ -969,9 +974,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2.80.x (all 2.80 versions) + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -983,15 +988,75 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 - cves: - cve-2021-4104: + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.4.35970 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFrog + product: All + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] @@ -1001,7 +1066,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1013,13 +1078,102 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JGraph + product: DrawIO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jgraph/drawio/issues/2490 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v2.1-595-g3637fda42 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: Athena cves: cve-2021-4104: investigated: false @@ -1031,7 +1185,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1049,7 +1203,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: DLS + product: BCPro cves: cve-2021-4104: investigated: false @@ -1061,7 +1215,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1079,7 +1233,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Entrapass + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -1091,7 +1245,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1109,7 +1263,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Client + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -1121,7 +1275,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1139,7 +1293,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Server + product: CK721-A (P2000) cves: cve-2021-4104: investigated: false @@ -1151,7 +1305,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1169,7 +1323,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision WebService + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -1181,7 +1335,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1199,7 +1353,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Facility Explorer + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -1211,7 +1365,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1229,7 +1383,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Cameras + product: Connect24 cves: cve-2021-4104: investigated: false @@ -1241,7 +1395,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1259,7 +1413,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Insight + product: Connected Equipment Gateway (CEG) cves: cve-2021-4104: investigated: false @@ -1271,7 +1425,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1289,7 +1443,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: iSTAR + product: C•CURE Client cves: cve-2021-4104: investigated: false @@ -1301,7 +1455,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1319,7 +1473,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Metasys Products and Tools + product: C•CURE Server cves: cve-2021-4104: investigated: false @@ -1331,7 +1485,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1349,7 +1503,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries NEO + product: C•CURE Web cves: cve-2021-4104: investigated: false @@ -1361,7 +1515,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1379,7 +1533,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries Pro + product: C•CURE-9000 cves: cve-2021-4104: investigated: false @@ -1391,7 +1545,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x cve-2021-45046: investigated: false affected_versions: [] @@ -1409,7 +1566,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Qolsys IQ Panels + product: DataSource cves: cve-2021-4104: investigated: false @@ -1421,7 +1578,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1439,7 +1596,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Sur‐Gard Receivers + product: DLS cves: cve-2021-4104: investigated: false @@ -1469,7 +1626,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Tyco AI + product: Entrapass cves: cve-2021-4104: investigated: false @@ -1481,7 +1638,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1499,7 +1656,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -1511,7 +1668,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1529,7 +1686,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -1541,7 +1698,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1559,7 +1716,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -1571,7 +1728,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1589,7 +1746,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: VideoEdge + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -1601,7 +1758,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -1618,8 +1775,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + - vendor: Johnson Controls + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -1627,10 +1784,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1642,13 +1800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Insight cves: cve-2021-4104: investigated: false @@ -1660,7 +1818,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1672,13 +1830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jump Desktop - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: iSTAR cves: cve-2021-4104: investigated: false @@ -1686,10 +1844,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1701,13 +1860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass cves: cve-2021-4104: investigated: false @@ -1715,10 +1874,2196 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Metasys Products and Tools + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Active Responder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Chiller Utility Plant Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Connected Chiller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Location Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Risk Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Twin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Workplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: P2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: S321-IP (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Video Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: TrueVue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Xaap + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Advanced Threat Prevention (JATP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Mist Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Sky Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos Space Network Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Mist AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wi-Fi Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wired Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Mist Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Network Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Pathfinder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Policy Enforcer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ScreenOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: SecIntel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Secure Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Space SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: User Engagement Virtual BLE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1736,7 +4081,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Justice Systems - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 7149f4a..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,8 +62,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,7 +152,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -100,10 +190,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,9 +240,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue cves: cve-2021-4104: investigated: false @@ -129,10 +250,341 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -149,8 +601,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -175,11 +627,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -187,10 +669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -202,13 +715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -216,10 +729,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -231,13 +776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -266,7 +811,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -295,7 +840,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 082f969..0a182af 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -154,4 +154,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 7Signal + product: Sapphire + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.7signal.com/info/se-release-notes + notes: Fix released 2021-12-14 + references: + - '' + last_updated: '2021-12-14T00:00:00' ... diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 7062f16..5f2d36c 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -4,8 +4,841 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View cves: cve-2021-4104: investigated: false @@ -13,10 +846,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Qlik - product: '' + product: Replicate cves: cve-2021-4104: investigated: false @@ -42,10 +906,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -61,7 +959,37 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: @@ -72,9 +1000,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.4+ - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -102,9 +1030,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -132,9 +1060,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -183,7 +1111,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -191,10 +1179,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -212,7 +1231,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -240,8 +1259,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -270,7 +1318,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -298,8 +1346,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -307,10 +1385,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b2629d1..74a2c36 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -14,9 +14,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.2.x < 4.8.1.3 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -63,8 +63,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,8 +122,158 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard - product: Secplicity + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -101,10 +281,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -116,7 +357,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' @@ -160,9 +401,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.2 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -190,9 +431,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 1.30 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -210,6 +451,42 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: Wind River product: LTS17 cves: @@ -484,7 +761,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: WireShark - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -492,10 +769,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -507,13 +785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Wistia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -542,7 +820,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo - product: '' + product: Precinct cves: cve-2021-4104: investigated: false @@ -552,7 +830,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -566,12 +845,13 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: '' + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -579,10 +859,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -600,7 +881,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -629,7 +910,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza - product: '' + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -637,9 +918,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -658,7 +941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 - product: WSO2 Enterprise Integrator + product: API Manager cves: cve-2021-4104: investigated: false @@ -667,10 +950,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -683,8 +996,458 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' ... diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index b107a72..b24b300 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: XCP-ng - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63,7 +64,277 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: '' + product: AltaLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core cves: cve-2021-4104: investigated: false @@ -71,10 +342,2981 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Output Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Print Manager - APP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Variable Information Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7535 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workspace Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Omnichannel Communications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86,7 +3328,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index cc2fe73..006fd08 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,6 +4,40 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: @@ -34,7 +68,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -42,10 +76,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +123,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA - product: '' + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -71,10 +167,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91,8 +219,188 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YOKOGAWA + product: Exaopc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaplog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: FAST/TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS Lite cves: cve-2021-4104: investigated: false @@ -100,10 +408,101 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,5 +518,66 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' ... diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 13f553c..9cc36a6 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -120,6 +120,192 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zeiss + product: Cataract Suite + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.6, 1.8 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.2.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.5.x, 2.6.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: @@ -212,34 +398,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -327,29 +616,66 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' @@ -444,13 +770,80 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -459,15 +852,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: ''