diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 45a5a86..93ed32f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -45,6 +45,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -202,12 +203,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Barco | | | | Unknown | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Barracuda | | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Baxter | | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Outlook® Safety Infusion System Pump family | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pinnacle® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -221,7 +222,75 @@ NOTE: This file is automatically generated. To submit updates, please refer to | BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Beckman Coulter | | | | Unknown | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU2700 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU480 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5400 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU640 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU680 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1200 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1250 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2500 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2550 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 Fit (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 520 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 560 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 600 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 690T (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 800 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 900 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS II (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM Autoplak (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1040 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1096 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Command Central (Information Systems) | | All | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Customers can follow instructions to remove log4j | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Insights (Information Systems) | | | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Patch has been applied. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Inventory Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Workflow Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxU Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUc (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUm (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HighFlexX Software (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX AL (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iChemVELOCITY (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | IMMAGE 800 (Nephelometry) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Intelligent Sample Banking ISB (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ipaw (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ200 (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iRICELL (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) | All | | Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | The only known instance of vulnerability due to Log4J is using Axeda services | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidemaker (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidestraine (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH750 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH780 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH785 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | MicroScan autoSCAN-4 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7300 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7400 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Express (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Link (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Processor (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PROService (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | RAP Box (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | REMISOL ADVANCE (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Sorting Drive (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 600 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 600 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 800 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beijer Electronics | acirro+ | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BFI frequency inverters | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BSD servo drives | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | @@ -346,14 +415,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -1081,7 +1152,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ESRI | Portal for ArcGIS | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Estos | | | | Unknown | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Evolveum Midpoint | | | | Unknown | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ewon | | | | Unknown | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ewon | All | | | Not Affected | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1158,166 +1229,192 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GE Digital | | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Digital Grid | | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Asset Performance Management (APM) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | GE verifying workaround. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Control Server | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Tag Mapping Service | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Control Server | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | MyFleet | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Intelligence | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Planning | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GeoServer | | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gerrit code review | | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GFI | | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ghidra | | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gigamon | Fabric Manager | <5.13.01.02 | | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gearset | All | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Genesys | All | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoServer | All | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoSolutions | GeoNetwork | | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| GeoSolutions | GeoServer | | | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Gerrit Code Review | All | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | All | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | Kerio Connect | | | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghidra | All | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghisler | Total Commander | | | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gigamon | Fabric Manager | | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | GitHub | GitHub | | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| GitLab | | | | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Globus | | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GoAnywhere | Gateway | < 2.8.4 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitHub | GitHub Enterprise Server | | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| GitLab | All | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | DAST Analyzer | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Dependency Scanning | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Gemnasium-Maven | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | PMD OSS | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | SAST | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Spotbugs | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Globus | All | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GoAnywhere | Agents | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Gateway | | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT | | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT Agents | 1.4.2 or later | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Open PGP Studio | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Suveyor/400 | | | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoCD | All | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | -| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Training and Prediction | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Config Management | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Connect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Hub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Identity Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos on VMWare | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Premium Software | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Service Mesh | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Apigee | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | App Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AppSheet | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Artifact Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Assured Workloads | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Natural Language | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Tables | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Video | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Data Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Omni | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Binary Authorization | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Certificate Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Chronicle | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Asset Inventory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Bigtable | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Build | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud CDN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Composer | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Google Cloud | Cloud Console App | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Data Loss Prevention | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Debugger | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Deployment Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud DNS | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Endpoints | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud External Key Manager (EKM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Functions | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Hardware Security Module (HSM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Interconnect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Key Management Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Load Balancing | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Logging | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Natural Language API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Network Address Translation (NAT) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Profiler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Router | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Run | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Run for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Scheduler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud SDK | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Shell | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Source Repositories | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Spanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud SQL | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Storage | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Tasks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Trace | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Traffic Director | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision OCR On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud VPN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | CompilerWorks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Compute Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Contact Center AI (CCAI) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Contact Center AI Insights | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Container Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Data Catalog | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Data Fusion | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Database Migration Service (DMS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dataflow | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | Dataproc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Dataproc Metastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Datastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Datastream | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dialogflow Essentials (ES) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Document AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Event Threat Detection | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Eventarc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Filestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firebase | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Game Servers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Google Cloud Armor | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud VMware Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | -| Google Cloud | Google Kubernetes Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Healthcare Data Engine (HDE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Human-in-the-Loop AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | IoT Core | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Key Access Justifications (KAJ) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Looker | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| Google Cloud | Media Translation API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Memorystore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Migrate for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Migrate for Compute Engine (M4CE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Network Connectivity Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Intelligence Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Service Tiers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Persistent Disk | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Pub/Sub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | Pub/Sub Lite | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | reCAPTCHA Enterprise | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Recommendations AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Retail Search | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Risk Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Secret Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Security Command Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Directory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Infrastructure | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speaker ID | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Storage Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Talent Solution | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Text-to-Speech | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transcoder API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transfer Appliance | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Video Intelligence API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Data Labeling | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Training and Prediction | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Config Management | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Connect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Hub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Identity Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos on VMWare | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Premium Software | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Service Mesh | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Apigee | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | App Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AppSheet | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Artifact Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Assured Workloads | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Natural Language | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Tables | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Video | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Data Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Omni | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Binary Authorization | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Certificate Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Chronicle | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Asset Inventory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Bigtable | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Build | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud CDN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Composer | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Google Cloud | Cloud Console App | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Data Loss Prevention | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Debugger | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Deployment Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud DNS | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Endpoints | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud External Key Manager (EKM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Functions | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Hardware Security Module (HSM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Interconnect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Key Management Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Load Balancing | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Logging | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Natural Language API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Network Address Translation (NAT) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Profiler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Router | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Run | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Run for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Scheduler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud SDK | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Shell | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Source Repositories | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Spanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud SQL | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Storage | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Tasks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Trace | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Traffic Director | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision OCR On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud VPN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | CompilerWorks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Compute Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Contact Center AI (CCAI) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Contact Center AI Insights | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Container Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Data Catalog | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Data Fusion | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Database Migration Service (DMS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dataflow | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | Dataproc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Dataproc Metastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Datastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Datastream | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dialogflow Essentials (ES) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Document AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Event Threat Detection | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Eventarc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Filestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firebase | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Game Servers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Google Cloud Armor | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud VMware Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | +| Google Cloud | Google Kubernetes Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Healthcare Data Engine (HDE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Human-in-the-Loop AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | IoT Core | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Key Access Justifications (KAJ) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| Google Cloud | Media Translation API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Memorystore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Migrate for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Migrate for Compute Engine (M4CE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Network Connectivity Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Intelligence Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Service Tiers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Persistent Disk | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Pub/Sub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | Pub/Sub Lite | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | reCAPTCHA Enterprise | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Recommendations AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Retail Search | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Risk Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Secret Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Security Command Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Directory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Infrastructure | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speaker ID | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Storage Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Talent Solution | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Text-to-Speech | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transcoder API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transfer Appliance | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Video Intelligence API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gradle | All | | | Not Affected | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise | | < 2021.3.6 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grandstream | All | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1325,12 +1422,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravwell | All | | | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | All | | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | Graylog Server | | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GreenShot | All | | | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GSA | Cloud.gov | | | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Guidewire | | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GuardedBox | All | | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Guidewire | All | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HAProxy | | | | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HarmanPro AMX | | | | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HashiCorp | Boundary | | | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1906,17 +2004,35 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2330,17 +2446,53 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Appointment Booking | Cloud/Managed Service | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Insights | Cloud | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Attunity Visibility | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | AutoML | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Blendr | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DL | | 6.6 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DW | | 6.6, 6.6.1, 7.0 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Catalog | | 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.12.1 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose | | 2021.2, 2021.5, 2021.8 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Lakes | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Wharehouses | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Plus | | 5.26.5, 5.27.5 - 5.28.2, 5.29.4 - 5.30.1, 5.31.1, 5.31.2 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Server | | 4.19.1 - 4.27.3, 4.23.4, 4.32.3 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nodegraph | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nprinting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | ODBC Connector Package | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | QEM | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Alerting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Catalog | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Data Transfer | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Enterprise Manager | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Forts | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik RepliWeb and ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Business | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise SaaS | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik View | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Web Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Replicate | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | REST Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Salesforce and SAP Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | Connectos are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| QMATIC | Appointment Booking | | 2.4+ | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Appointment Booking | | Cloud/Managed Service | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Insights | | Cloud | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | QMATIC | Orchestra Central | | | Not Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QNAP | | | | Unknown | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QOPPA | | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QES Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | Qsirch | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QTS Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QuTS Hero Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOPPA | All | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOS.ch | SLF4J Simple Logging Facade for Java | | | Unknown | [link](https://www.slf4j.org/log4shell.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QSC Q-SYS | All | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QT | All | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | 6.0 | Fixed | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Quest KACE SMA | | | Not Affected | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2952,13 +3104,21 @@ NOTE: This file is automatically generated. To submit updates, please refer to | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wasp Barcode technologies | | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WatchGuard | Secplicity | | | Unknown | [link](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WAGO | WAGO Smart Script | | 4.2.x < 4.8.1.3 | Fixed | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Wallarm | All | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wasp Barcode technologies | All | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Watcher | All | | | Not Affected | [link](https://twitter.com/felix_hrn/status/1470387338001977344) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | AuthPoint | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Dimension | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | EDPR and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Firebox | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | System Manager, Dimension, and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Threat Detection and Response | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Wi-Fi Cloud | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Cloud Lite | | 2.2 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Keyring for TIA Portal | | 1.30 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WildFly | All | | | Not Affected | [link](https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | @@ -2967,13 +3127,29 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | -| WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WordPress | | | | Unknown | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Worksphere | | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wowza | | | | Unknown | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WSO2 | WSO2 Enterprise Integrator | 6.1.0 and above | | Affected | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WireShark | All | | | Not Affected | [link](https://www.wireshark.org/news/20211215.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Wistia | All | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WitFoo | Precinct | | 6.x | Fixed | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WordPress | All | | | Not Affected | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Worksphere | All | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wowza | Streaming Engine | | 4.7.8, 4.8.x | Fixed | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WSO2 | API Manager | | >= 3.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | API Manager Analytics | | >= 2.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator | | >= 6.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator Analytics | | >= 6.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server Analytics | | >= 5.7.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server as Key Manager | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Gateway | | >= 3.2.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator | | >= 1.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Dashboard | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Monitoring Dashboard | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking AM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking BI | | >= 1.3.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking KM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2996,23 +3172,50 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YellowFin | | | | Unknown | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YOKOGAWA | | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| YSoft SAFEQ | | | | Unknown | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Yenlo | Connext | | | Not Affected | [link](https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/) | Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YOKOGAWA | CENTUM VP | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CENTUM VP (other components) | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CI Server | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaopc | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaplog | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaquantum | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | FAST/TOOLS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | PRM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS Lite | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | STARDOM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | VTSPortal | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YSoft | SAFEQ 4 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 5 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 6 | | <=6.0.63 | Fixed | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | | Zabbix | | | | Unknown | [link](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zebra | | | | Unknown | [link](https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zeiss | Cataract Suite | | 1.3.1 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | EQ Workplace | | 1.6, 1.8 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | FORUM | | 4.2.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Glaucoma Workplace | | 3.5.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Laser Treatment Workplace | | 1.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Retina Workplace | | 2.5.x, 2.6.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zendesk | All Products | All Versions | | Affected | [link](https://support.zendesk.com/hc/en-us/articles/4413583476122) | Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Zenoss | | | | Unknown | [link](https://support.zenoss.com/hc/en-us) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zentera Systems, Inc. | CoIP Access Platform | | | Not Affected | [link](https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Zerto | | | | Unknown | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zerto | Cloud Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Cloud Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Replication Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zesty | | | | Unknown | [link](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zimbra | | | | Unknown | [link](https://bugzilla.zimbra.com/show_bug.cgi?id=109428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zix | | | | Unknown | [link](https://status.appriver.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Zoom | | | | Unknown | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zoho | Online | | | Unknown | [link](https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zoom | | | | Not Affected | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZPE systems Inc | | | | Unknown | [link](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zscaler | See Link (Multiple Products) | | | Unknown | [link](https://trust.zscaler.com/posts/9581) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Zyxel | | | | Unknown | [link](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zyxel | All other products | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Zyxel | Netlas Element Management System (EMS) | | | Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Zyxel | Security Firewall/Gateways | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/data/cisagov.yml b/data/cisagov.yml index fec6c78..e2d8bd9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -656,6 +656,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: @@ -5446,10 +5476,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5465,9 +5526,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -5475,10 +5536,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pinnacle® Compounder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5494,9 +5586,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -5504,10 +5596,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5521,11 +5645,156 @@ software: vendor_links: - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: BD + product: Arctic Sun™ Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pinnacle® Compounder + - vendor: BD + product: BD Diabetes Care App Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Clinical Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Data Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Diversion Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight™ Infection Advisor cves: cve-2021-4104: investigated: false @@ -5548,13 +5817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + - vendor: BD + product: BD HealthSight™ Inventory Optimization Analytics cves: cve-2021-4104: investigated: false @@ -5577,14 +5846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + - vendor: BD + product: BD HealthSight™ Medication Safety cves: cve-2021-4104: investigated: false @@ -5607,13 +5875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Arctic Sun™ Analytics + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -5642,7 +5910,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Diabetes Care App Cloud + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -5671,7 +5939,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Clinical Advisor + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -5700,7 +5968,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Data Manager + product: BD Synapsys™ Informatics Solution cves: cve-2021-4104: investigated: false @@ -5729,7 +5997,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Diversion Management + product: BD Veritor™ COVID At Home Solution Cloud cves: cve-2021-4104: investigated: false @@ -5757,8 +6025,8 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Infection Advisor + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -5766,10 +6034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5781,13 +6050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Inventory Optimization Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -5795,10 +6064,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5810,13 +6080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Medication Safety + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -5824,10 +6094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5839,13 +6110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5853,10 +6124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5868,13 +6140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5882,10 +6154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5897,13 +6170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5911,10 +6184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5926,13 +6200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys™ Informatics Solution + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5940,10 +6214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5955,13 +6230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor™ COVID At Home Solution Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5969,10 +6244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5984,13 +6260,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: '' + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -5998,10 +6274,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6017,9 +6294,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Beijer Electronics - product: acirro+ + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6027,10 +6304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6042,13 +6320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BFI frequency inverters + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6056,10 +6334,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6071,13 +6350,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BSD servo drives + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6085,10 +6364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6100,13 +6380,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: CloudVPN + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6114,10 +6394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6129,13 +6410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: FnIO-G and M Distributed IO + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6143,10 +6424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6158,13 +6440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: iX Developer + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6172,10 +6454,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6187,13 +6470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto modular PLC + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -6201,10 +6484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6216,13 +6500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto Xpress compact controller + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) cves: cve-2021-4104: investigated: false @@ -6230,10 +6514,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6245,13 +6530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: WARP Engineering Studio + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) cves: cve-2021-4104: investigated: false @@ -6259,10 +6544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6274,13 +6560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) cves: cve-2021-4104: investigated: false @@ -6288,10 +6574,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6303,14 +6590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) cves: cve-2021-4104: investigated: false @@ -6318,10 +6604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6333,13 +6620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -6349,9 +6636,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6363,13 +6650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) cves: cve-2021-4104: investigated: false @@ -6379,9 +6666,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6393,13 +6680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -6411,7 +6698,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6423,13 +6710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) cves: cve-2021-4104: investigated: false @@ -6437,10 +6724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6452,13 +6740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BioMerieux - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) cves: cve-2021-4104: investigated: false @@ -6466,10 +6754,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6481,13 +6770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BisectHosting - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) cves: cve-2021-4104: investigated: false @@ -6495,10 +6784,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6510,13 +6800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitDefender - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) cves: cve-2021-4104: investigated: false @@ -6524,10 +6814,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6539,13 +6830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitNami By VMware - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) cves: cve-2021-4104: investigated: false @@ -6553,9 +6844,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -6568,13 +6860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.bitnami.com/general/security/security-2021-12-10/ - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitRise - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) cves: cve-2021-4104: investigated: false @@ -6582,9 +6874,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6597,13 +6890,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bitwarden - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -6611,10 +6904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6626,13 +6920,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Biztory - product: Fivetran + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -6640,10 +6934,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6655,13 +6950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biztory.com/blog/apache-log4j2-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - - Vendor review indicated Fivetran is not vulnerable to Log4j2 - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Black Kite - product: '' + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6669,10 +6964,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6684,13 +6980,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blancco - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6698,10 +6994,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6713,13 +7010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blumira - product: '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6727,10 +7024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6742,13 +7040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.blumira.com/cve-2021-44228-log4shell/ + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Bladelogic Database Automation + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) cves: cve-2021-4104: investigated: false @@ -6756,10 +7054,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6771,13 +7070,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) cves: cve-2021-4104: investigated: false @@ -6785,10 +7084,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6800,13 +7100,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Products + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) cves: cve-2021-4104: investigated: false @@ -6814,10 +7114,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6829,13 +7130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6843,10 +7144,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6858,13 +7160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Automation Console + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) cves: cve-2021-4104: investigated: false @@ -6872,10 +7174,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6887,13 +7190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Business Workflows + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6901,10 +7204,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6916,13 +7220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Client Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) cves: cve-2021-4104: investigated: false @@ -6930,10 +7234,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6945,13 +7250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Cloud Cost + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6959,10 +7264,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6974,13 +7280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Cloud Security + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -6988,10 +7294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7003,13 +7310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix CMDB + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) cves: cve-2021-4104: investigated: false @@ -7017,10 +7324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7032,13 +7340,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -7046,8 +7355,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7061,13 +7371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Control-M + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -7075,10 +7385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7090,13 +7401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Digital Workplace + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -7104,10 +7415,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7119,13 +7431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -7133,10 +7445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7148,13 +7461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -7162,10 +7475,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7177,13 +7491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Knowledge Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -7191,10 +7505,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7206,13 +7521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Operations Management with AIOps + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -7220,10 +7535,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7235,13 +7551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Platform + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -7249,10 +7565,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7264,13 +7581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix platform + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -7278,10 +7595,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7293,13 +7611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remediate + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -7307,10 +7625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7322,13 +7641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remediate + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7336,10 +7655,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7351,13 +7671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Remedyforce + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7365,10 +7685,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7380,13 +7701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Virtual Agent + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7394,10 +7715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7409,13 +7731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Cloud Lifecycle Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -7423,10 +7745,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7438,13 +7761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Control-M + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -7452,10 +7775,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7467,13 +7791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Footprints + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -7481,10 +7805,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7496,13 +7821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: MainView Middleware Administrator + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) cves: cve-2021-4104: investigated: false @@ -7510,10 +7835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7525,13 +7851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: MainView Middleware Monitor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -7539,10 +7865,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7554,13 +7881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Remedy ITSM (IT Service Management) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -7568,10 +7895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7583,13 +7911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: SmartIT + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -7597,10 +7925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7612,13 +7941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Track-It! + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -7626,10 +7955,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7641,13 +7971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Automation for Networks + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -7655,10 +7985,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7670,13 +8001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Automation for Servers + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -7684,10 +8015,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7699,13 +8031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Capacity Optimization + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -7713,10 +8045,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7728,13 +8061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Infrastructure Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -7742,10 +8075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7757,13 +8091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Operations Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beijer Electronics + product: acirro+ cves: cve-2021-4104: investigated: false @@ -7786,13 +8120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: TrueSight Orchestration + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BFI frequency inverters cves: cve-2021-4104: investigated: false @@ -7815,13 +8149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bosch - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BSD servo drives cves: cve-2021-4104: investigated: false @@ -7844,13 +8178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Boston Scientific - product: '' + - vendor: Beijer Electronics + product: CloudVPN cves: cve-2021-4104: investigated: false @@ -7873,13 +8207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Box - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: FnIO-G and M Distributed IO cves: cve-2021-4104: investigated: false @@ -7902,13 +8236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Brainworks - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: iX Developer cves: cve-2021-4104: investigated: false @@ -7931,13 +8265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/ + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BrightSign - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto modular PLC cves: cve-2021-4104: investigated: false @@ -7960,13 +8294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Advanced Secure Gateway (ASG) + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto Xpress compact controller cves: cve-2021-4104: investigated: false @@ -7989,13 +8323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Automic Automation + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: WARP Engineering Studio cves: cve-2021-4104: investigated: false @@ -8018,13 +8352,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.broadcom.com/external/article?articleId=230308 + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Bender + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bender.de/en/cert notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: BCAAA + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) + product: '' cves: cve-2021-4104: investigated: false @@ -8047,13 +8411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Advanced Authentication + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -8062,10 +8426,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.1' + affected_versions: [] + fixed_versions: + - Unknown + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Privilege Management Reporting in BeyondInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '21.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8076,13 +8470,44 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Risk Authentication + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Secure Remote Access appliances + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -8104,13 +8529,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CA Strong Authentication + - vendor: BioMerieux + product: '' cves: cve-2021-4104: investigated: false @@ -8132,13 +8558,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Cloud Workload Protection (CWP) + last_updated: '2021-12-22T00:00:00' + - vendor: BisectHosting + product: '' cves: cve-2021-4104: investigated: false @@ -8161,13 +8588,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Cloud Workload Protection for Storage (CWP:S) + - vendor: BitDefender + product: '' cves: cve-2021-4104: investigated: false @@ -8190,13 +8617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: CloudSOC Cloud Access Security Broker (CASB) + - vendor: BitNami By VMware + product: '' cves: cve-2021-4104: investigated: false @@ -8219,13 +8646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://docs.bitnami.com/general/security/security-2021-12-10/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Content Analysis (CA) + - vendor: BitRise + product: '' cves: cve-2021-4104: investigated: false @@ -8248,13 +8675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Critical System Protection (CSP) + - vendor: Bitwarden + product: '' cves: cve-2021-4104: investigated: false @@ -8277,13 +8704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Data Center Security (DCS) + - vendor: Biztory + product: Fivetran cves: cve-2021-4104: investigated: false @@ -8306,13 +8733,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.biztory.com/blog/apache-log4j2-vulnerability + notes: '' + references: + - Vendor review indicated Fivetran is not vulnerable to Log4j2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Black Kite + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Data Loss Prevention (DLP) + - vendor: Blancco + product: '' cves: cve-2021-4104: investigated: false @@ -8335,13 +8791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Email Security Service (ESS) + - vendor: Blumira + product: '' cves: cve-2021-4104: investigated: false @@ -8364,13 +8820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://www.blumira.com/cve-2021-44228-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Ghost Solution Suite (GSS) + - vendor: BMC + product: Bladelogic Database Automation cves: cve-2021-4104: investigated: false @@ -8393,13 +8849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: HSM Agent + - vendor: BMC + product: BMC AMI Ops cves: cve-2021-4104: investigated: false @@ -8422,13 +8878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Industrial Control System Protection (ICSP) + - vendor: BMC + product: BMC AMI Products cves: cve-2021-4104: investigated: false @@ -8451,13 +8907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Integrated Cyber Defense Manager (ICDm) + - vendor: BMC + product: BMC Compuware cves: cve-2021-4104: investigated: false @@ -8480,13 +8936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Integrated Secure Gateway (ISG) + - vendor: BMC + product: BMC Helix Automation Console cves: cve-2021-4104: investigated: false @@ -8509,13 +8965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: IT Management Suite + - vendor: BMC + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -8538,13 +8994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 API Developer Portal + - vendor: BMC + product: BMC Helix Client Management cves: cve-2021-4104: investigated: false @@ -8567,13 +9023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 API Gateway + - vendor: BMC + product: BMC Helix Cloud Cost cves: cve-2021-4104: investigated: false @@ -8596,13 +9052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Layer7 Mobile API Gateway + - vendor: BMC + product: BMC Helix Cloud Security cves: cve-2021-4104: investigated: false @@ -8625,13 +9081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Management Center (MC) + - vendor: BMC + product: BMC Helix CMDB cves: cve-2021-4104: investigated: false @@ -8654,13 +9110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: PacketShaper (PS) S-Series + - vendor: BMC + product: BMC Helix Continuous Optimization cves: cve-2021-4104: investigated: false @@ -8683,13 +9139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: PolicyCenter (PC) S-Series + - vendor: BMC + product: BMC Helix Control-M cves: cve-2021-4104: investigated: false @@ -8712,13 +9168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Access Manager + - vendor: BMC + product: BMC Helix Digital Workplace cves: cve-2021-4104: investigated: false @@ -8741,13 +9197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Access Manager Server Control + - vendor: BMC + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -8770,13 +9226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Privileged Identity Manager + - vendor: BMC + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -8799,13 +9255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: ProxySG + - vendor: BMC + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -8828,13 +9284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Reporter + - vendor: BMC + product: BMC Helix Operations Management with AIOps cves: cve-2021-4104: investigated: false @@ -8857,13 +9313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Secure Access Cloud (SAC) + - vendor: BMC + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -8886,13 +9342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Security Analytics (SA) + - vendor: BMC + product: BMC Helix platform cves: cve-2021-4104: investigated: false @@ -8915,13 +9371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: SiteMinder (CA Single Sign-On) + - vendor: BMC + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -8944,13 +9400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: SSL Visibility (SSLV) + - vendor: BMC + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -8973,13 +9429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Control Compliance Suite (CCS) + - vendor: BMC + product: BMC Helix Remedyforce cves: cve-2021-4104: investigated: false @@ -9002,13 +9458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Directory + - vendor: BMC + product: BMC Helix Virtual Agent cves: cve-2021-4104: investigated: false @@ -9031,13 +9487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Detection and Response (EDR) + - vendor: BMC + product: Cloud Lifecycle Management cves: cve-2021-4104: investigated: false @@ -9060,13 +9516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Encryption (SEE) + - vendor: BMC + product: Control-M cves: cve-2021-4104: investigated: false @@ -9089,13 +9545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection (SEP) + - vendor: BMC + product: Footprints cves: cve-2021-4104: investigated: false @@ -9118,13 +9574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection (SEP) for Mobile + - vendor: BMC + product: MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -9147,43 +9603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Endpoint Protection Manager (SEPM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '14.3' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Identity Governance and Administration (IGA) + - vendor: BMC + product: MainView Middleware Monitor cves: cve-2021-4104: investigated: false @@ -9206,13 +9632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Mail Security for Microsoft Exchange (SMSMSE) + - vendor: BMC + product: Remedy ITSM (IT Service Management) cves: cve-2021-4104: investigated: false @@ -9235,13 +9661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Messaging Gateway (SMG) + - vendor: BMC + product: SmartIT cves: cve-2021-4104: investigated: false @@ -9264,13 +9690,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec PGP Solutions + - vendor: BMC + product: Track-It! cves: cve-2021-4104: investigated: false @@ -9293,13 +9719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Protection Engine (SPE) + - vendor: BMC + product: TrueSight Automation for Networks cves: cve-2021-4104: investigated: false @@ -9322,13 +9748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Symantec Protection for SharePoint Servers (SPSS) + - vendor: BMC + product: TrueSight Automation for Servers cves: cve-2021-4104: investigated: false @@ -9351,13 +9777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: VIP + - vendor: BMC + product: TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -9380,13 +9806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: VIP Authentication Hub + - vendor: BMC + product: TrueSight Infrastructure Management cves: cve-2021-4104: investigated: false @@ -9409,13 +9835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Web Isolation (WI) + - vendor: BMC + product: TrueSight Operations Management cves: cve-2021-4104: investigated: false @@ -9438,13 +9864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: Web Security Service (WSS) + - vendor: BMC + product: TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -9467,13 +9893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Broadcom - product: WebPulse + - vendor: Bosch + product: '' cves: cve-2021-4104: investigated: false @@ -9496,12 +9922,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: C4b XPHONE + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific product: '' cves: cve-2021-4104: @@ -9525,13 +9951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.c4b.com/de/news/log4j.php + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Campbell Scientific - product: All + last_updated: '2021-12-20T00:00:00' + - vendor: Box + product: '' cves: cve-2021-4104: investigated: false @@ -9554,12 +9980,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf + - https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Camunda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Brainworks product: '' cves: cve-2021-4104: @@ -9583,13 +10009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 + - https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Canary Labs - product: All + - vendor: BrightSign + product: '' cves: cve-2021-4104: investigated: false @@ -9612,13 +10038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability + - https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Alphenix (Angio Workstation) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Advanced Secure Gateway (ASG) cves: cve-2021-4104: investigated: false @@ -9641,13 +10067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: CT Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Automic Automation cves: cve-2021-4104: investigated: false @@ -9670,13 +10096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://knowledge.broadcom.com/external/article?articleId=230308 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Infinix-i (Angio Workstation) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: BCAAA cves: cve-2021-4104: investigated: false @@ -9699,13 +10125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: MR Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Advanced Authentication cves: cve-2021-4104: investigated: false @@ -9713,8 +10139,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9727,14 +10154,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: NM Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Risk Authentication cves: cve-2021-4104: investigated: false @@ -9756,14 +10182,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: UL Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CA Strong Authentication cves: cve-2021-4104: investigated: false @@ -9785,14 +10210,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: Vitrea Advanced 7.x + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Cloud Workload Protection (CWP) cves: cve-2021-4104: investigated: false @@ -9815,13 +10239,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Canon - product: XR Medical Imaging Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Cloud Workload Protection for Storage (CWP:S) cves: cve-2021-4104: investigated: false @@ -9844,13 +10268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CapStorm - product: Copystorm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: CloudSOC Cloud Access Security Broker (CASB) cves: cve-2021-4104: investigated: false @@ -9872,13 +10296,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: CarbonBlack - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Content Analysis (CA) cves: cve-2021-4104: investigated: false @@ -9901,13 +10326,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Carestream - product: '' + - vendor: Broadcom + product: Critical System Protection (CSP) cves: cve-2021-4104: investigated: false @@ -9930,13 +10355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Carrier - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Data Center Security (DCS) cves: cve-2021-4104: investigated: false @@ -9959,13 +10384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.corporate.carrier.com/product-security/advisories-resources/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CAS genesisWorld - product: '' + - vendor: Broadcom + product: Data Loss Prevention (DLP) cves: cve-2021-4104: investigated: false @@ -9988,13 +10413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cato Networks - product: '' + - vendor: Broadcom + product: Email Security Service (ESS) cves: cve-2021-4104: investigated: false @@ -10017,13 +10442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cepheid - product: C360 + - vendor: Broadcom + product: Ghost Solution Suite (GSS) cves: cve-2021-4104: investigated: false @@ -10046,13 +10471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cepheid - product: GeneXpert + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: HSM Agent cves: cve-2021-4104: investigated: false @@ -10075,13 +10500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cepheid.com/en_US/legal/product-security-updates + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Cerberus FTP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Industrial Control System Protection (ICSP) cves: cve-2021-4104: investigated: false @@ -10104,13 +10529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Chaser Systems - product: discrimiNAT Firewall + - vendor: Broadcom + product: Integrated Cyber Defense Manager (ICDm) cves: cve-2021-4104: investigated: false @@ -10118,11 +10543,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10134,13 +10558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: CloudGuard + - vendor: Broadcom + product: Integrated Secure Gateway (ISG) cves: cve-2021-4104: investigated: false @@ -10148,11 +10572,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10164,13 +10587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Harmony Endpoint & Harmony Mobile + - vendor: Broadcom + product: IT Management Suite cves: cve-2021-4104: investigated: false @@ -10178,11 +10601,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10194,13 +10616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Infinity Portal + - vendor: Broadcom + product: Layer7 API Developer Portal cves: cve-2021-4104: investigated: false @@ -10223,13 +10645,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Quantum Security Gateway + - vendor: Broadcom + product: Layer7 API Gateway cves: cve-2021-4104: investigated: false @@ -10237,11 +10659,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10253,13 +10674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: Quantum Security Management + - vendor: Broadcom + product: Layer7 Mobile API Gateway cves: cve-2021-4104: investigated: false @@ -10267,11 +10688,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10283,14 +10703,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 - notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against - this attack by default. + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: SMB + - vendor: Broadcom + product: Management Center (MC) cves: cve-2021-4104: investigated: false @@ -10298,11 +10717,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10314,13 +10732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Check Point - product: ThreatCloud + - vendor: Broadcom + product: PacketShaper (PS) S-Series cves: cve-2021-4104: investigated: false @@ -10343,13 +10761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcontent.checkpoint.com/solutions?id=sk176865 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CheckMK - product: '' + - vendor: Broadcom + product: PolicyCenter (PC) S-Series cves: cve-2021-4104: investigated: false @@ -10372,13 +10790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ciphermail - product: '' + - vendor: Broadcom + product: Privileged Access Manager cves: cve-2021-4104: investigated: false @@ -10401,13 +10819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CircleCI - product: CircleCI + - vendor: Broadcom + product: Privileged Access Manager Server Control cves: cve-2021-4104: investigated: false @@ -10430,13 +10848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: CIS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Broadcom + product: Privileged Identity Manager cves: cve-2021-4104: investigated: false @@ -10459,13 +10877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: AppDynamics + - vendor: Broadcom + product: ProxySG cves: cve-2021-4104: investigated: false @@ -10488,13 +10906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + - vendor: Broadcom + product: Reporter cves: cve-2021-4104: investigated: false @@ -10517,13 +10935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ACI Virtual Edge + - vendor: Broadcom + product: Secure Access Cloud (SAC) cves: cve-2021-4104: investigated: false @@ -10546,13 +10964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + - vendor: Broadcom + product: Security Analytics (SA) cves: cve-2021-4104: investigated: false @@ -10575,13 +10993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + - vendor: Broadcom + product: SiteMinder (CA Single Sign-On) cves: cve-2021-4104: investigated: false @@ -10604,13 +11022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + - vendor: Broadcom + product: SSL Visibility (SSLV) cves: cve-2021-4104: investigated: false @@ -10633,13 +11051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + - vendor: Broadcom + product: Symantec Control Compliance Suite (CCS) cves: cve-2021-4104: investigated: false @@ -10662,13 +11080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + - vendor: Broadcom + product: Symantec Directory cves: cve-2021-4104: investigated: false @@ -10691,13 +11109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco ASR 5000 Series Routers + - vendor: Broadcom + product: Symantec Endpoint Detection and Response (EDR) cves: cve-2021-4104: investigated: false @@ -10720,13 +11138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Broadcloud Calling + - vendor: Broadcom + product: Symantec Endpoint Encryption (SEE) cves: cve-2021-4104: investigated: false @@ -10749,13 +11167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco BroadWorks + - vendor: Broadcom + product: Symantec Endpoint Protection (SEP) cves: cve-2021-4104: investigated: false @@ -10778,13 +11196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + - vendor: Broadcom + product: Symantec Endpoint Protection (SEP) for Mobile cves: cve-2021-4104: investigated: false @@ -10807,13 +11225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco CloudCenter Suite Admin + - vendor: Broadcom + product: Symantec Endpoint Protection Manager (SEPM) cves: cve-2021-4104: investigated: false @@ -10821,8 +11239,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '14.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10836,13 +11255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco CloudCenter Workload Manager + - vendor: Broadcom + product: Symantec Identity Governance and Administration (IGA) cves: cve-2021-4104: investigated: false @@ -10865,13 +11284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Cognitive Intelligence + - vendor: Broadcom + product: Symantec Mail Security for Microsoft Exchange (SMSMSE) cves: cve-2021-4104: investigated: false @@ -10894,13 +11313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Common Services Platform Collector + - vendor: Broadcom + product: Symantec Messaging Gateway (SMG) cves: cve-2021-4104: investigated: false @@ -10923,13 +11342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Computer Telephony Integration Object Server (CTIOS) + - vendor: Broadcom + product: Symantec PGP Solutions cves: cve-2021-4104: investigated: false @@ -10952,13 +11371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Connected Grid Device Manager + - vendor: Broadcom + product: Symantec Protection Engine (SPE) cves: cve-2021-4104: investigated: false @@ -10981,13 +11400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Connected Mobile Experiences + - vendor: Broadcom + product: Symantec Protection for SharePoint Servers (SPSS) cves: cve-2021-4104: investigated: false @@ -11010,13 +11429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Connectivity + - vendor: Broadcom + product: VIP cves: cve-2021-4104: investigated: false @@ -11039,13 +11458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Contact Center Domain Manager (CCDM) + - vendor: Broadcom + product: VIP Authentication Hub cves: cve-2021-4104: investigated: false @@ -11068,13 +11487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Contact Center Management Portal (CCMP) + - vendor: Broadcom + product: Web Isolation (WI) cves: cve-2021-4104: investigated: false @@ -11097,13 +11516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Crosswork Change Automation + - vendor: Broadcom + product: Web Security Service (WSS) cves: cve-2021-4104: investigated: false @@ -11126,13 +11545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco CX Cloud Agent Software + - vendor: Broadcom + product: WebPulse cves: cve-2021-4104: investigated: false @@ -11155,13 +11574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Data Center Network Manager (DCNM) + - vendor: C4b XPHONE + product: '' cves: cve-2021-4104: investigated: false @@ -11184,13 +11603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.c4b.com/de/news/log4j.php notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Defense Orchestrator + - vendor: Campbell Scientific + product: All cves: cve-2021-4104: investigated: false @@ -11213,13 +11632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco DNA Assurance + last_updated: '2021-12-23T00:00:00' + - vendor: Camunda + product: '' cves: cve-2021-4104: investigated: false @@ -11242,13 +11661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco DNA Center + - vendor: Canary Labs + product: All cves: cve-2021-4104: investigated: false @@ -11271,13 +11690,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco DNA Spaces + last_updated: '2021-12-22T00:00:00' + - vendor: Canon + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -11285,10 +11704,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11300,13 +11720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Elastic Services Controller (ESC) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11314,10 +11734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11329,13 +11750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Emergency Responder + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -11343,10 +11764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11358,13 +11780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Enterprise Chat and Email + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11372,10 +11794,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11387,13 +11810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Enterprise NFV Infrastructure Software (NFVIS) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: NM Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11401,10 +11824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11416,13 +11840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Evolved Programmable Network Manager + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: UL Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11430,10 +11854,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11445,13 +11870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Extensible Network Controller (XNC) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Vitrea Advanced 7.x cves: cve-2021-4104: investigated: false @@ -11459,8 +11884,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11474,13 +11900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Finesse + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11488,8 +11914,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -11503,13 +11930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Firepower Management Center + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11517,10 +11944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11532,13 +11960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Firepower Threat Defense (FTD) + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -11546,10 +11974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11561,13 +11990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco GGSN Gateway GPRS Support Node + last_updated: '2022-02-02T00:00:00' + - vendor: CapStorm + product: Copystorm cves: cve-2021-4104: investigated: false @@ -11589,14 +12018,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco HyperFlex System + last_updated: '2021-12-22T00:00:00' + - vendor: CarbonBlack + product: '' cves: cve-2021-4104: investigated: false @@ -11619,13 +12047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Identity Services Engine (ISE) + - vendor: Carestream + product: '' cves: cve-2021-4104: investigated: false @@ -11648,13 +12076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Integrated Management Controller (IMC) Supervisor + last_updated: '2021-12-20T00:00:00' + - vendor: Carrier + product: '' cves: cve-2021-4104: investigated: false @@ -11677,13 +12105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.corporate.carrier.com/product-security/advisories-resources/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Intersight + - vendor: CAS genesisWorld + product: '' cves: cve-2021-4104: investigated: false @@ -11706,13 +12134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Intersight Virtual Appliance + - vendor: Cato Networks + product: '' cves: cve-2021-4104: investigated: false @@ -11735,13 +12163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.catonetworks.com/blog/cato-networks-rapid-response-to-the-apache-log4j-remote-code-execution-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IOS and IOS XE Software + - vendor: Cepheid + product: C360 cves: cve-2021-4104: investigated: false @@ -11764,14 +12192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network - Management System) + last_updated: '2021-12-20T00:00:00' + - vendor: Cepheid + product: GeneXpert cves: cve-2021-4104: investigated: false @@ -11794,13 +12221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.cepheid.com/en_US/legal/product-security-updates notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IoT Operations Dashboard + last_updated: '2021-12-20T00:00:00' + - vendor: Cerberus FTP + product: '' cves: cve-2021-4104: investigated: false @@ -11823,13 +12250,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IOx Fog Director + - vendor: Chaser Systems + product: discrimiNAT Firewall cves: cve-2021-4104: investigated: false @@ -11837,10 +12264,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11852,13 +12280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco IP Services Gateway (IPSG) + - vendor: Check Point + product: CloudGuard cves: cve-2021-4104: investigated: false @@ -11866,10 +12294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11881,13 +12310,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Kinetic for Cities + - vendor: Check Point + product: Harmony Endpoint & Harmony Mobile cves: cve-2021-4104: investigated: false @@ -11895,10 +12324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11910,13 +12340,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco MDS 9000 Series Multilayer Switches + - vendor: Check Point + product: Infinity Portal cves: cve-2021-4104: investigated: false @@ -11939,13 +12369,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Meeting Server + - vendor: Check Point + product: Quantum Security Gateway cves: cve-2021-4104: investigated: false @@ -11953,10 +12383,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11968,13 +12399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco MME Mobility Management Entity + - vendor: Check Point + product: Quantum Security Management cves: cve-2021-4104: investigated: false @@ -11982,10 +12413,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://supportcontent.checkpoint.com/solutions?id=sk176865 + notes: Where used, uses the 1.8.0\_u241 version of the JRE that protects against + this attack by default. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Check Point + product: SMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11997,13 +12460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Modeling Labs + - vendor: Check Point + product: ThreatCloud cves: cve-2021-4104: investigated: false @@ -12026,13 +12489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://supportcontent.checkpoint.com/solutions?id=sk176865 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Assessment (CNA) Tool + - vendor: CheckMK + product: '' cves: cve-2021-4104: investigated: false @@ -12055,13 +12518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://forum.checkmk.com/t/checkmk-not-affected-by-log4shell/28643/3 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Assurance Engine + - vendor: Ciphermail + product: '' cves: cve-2021-4104: investigated: false @@ -12084,13 +12547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://www.ciphermail.com/blog/ciphermail-gateway-and-webmail-messenger-are-not-vulnerable-to-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Convergence System 2000 Series + - vendor: CircleCI + product: CircleCI cves: cve-2021-4104: investigated: false @@ -12113,13 +12576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://discuss.circleci.com/t/circleci-log4j-information-cve-2021-4422 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cisco - product: Cisco Network Planner + last_updated: '2021-12-21T00:00:00' + - vendor: CIS + product: '' cves: cve-2021-4104: investigated: false @@ -12142,13 +12605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + - https://cisecurity.atlassian.net/servicedesk/customer/portal/15/article/2434301961 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) + product: AppDynamics cves: cve-2021-4104: investigated: false @@ -12177,7 +12640,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 5500 Platform Switches + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -12206,7 +12669,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 5600 Platform Switches + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -12235,7 +12698,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 6000 Series Switches + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -12264,7 +12727,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 7000 Series Switches + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -12293,8 +12756,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure - (ACI) mode + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -12323,7 +12785,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -12352,7 +12814,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus Data Broker + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -12381,7 +12843,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Nexus Insights + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -12410,7 +12872,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Optical Network Planner + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -12439,7 +12901,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Packaged Contact Center Enterprise + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -12468,7 +12930,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -12497,7 +12959,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Paging Server (InformaCast) + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -12526,7 +12988,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco PDSN/HA Packet Data Serving Node and Home Agent + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -12555,7 +13017,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco PGW Packet Data Network Gateway + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -12584,7 +13046,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Policy Suite + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -12613,7 +13075,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Central for Service Providers + product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: cve-2021-4104: investigated: false @@ -12642,7 +13104,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Collaboration Manager + product: Cisco Connected Grid Device Manager cves: cve-2021-4104: investigated: false @@ -12671,7 +13133,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Collaboration Provisioning + product: Cisco Connected Mobile Experiences cves: cve-2021-4104: investigated: false @@ -12700,7 +13162,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Infrastructure + product: Cisco Connectivity cves: cve-2021-4104: investigated: false @@ -12729,7 +13191,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime License Manager + product: Cisco Contact Center Domain Manager (CCDM) cves: cve-2021-4104: investigated: false @@ -12758,7 +13220,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Network + product: Cisco Contact Center Management Portal (CCMP) cves: cve-2021-4104: investigated: false @@ -12787,7 +13249,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Optical for Service Providers + product: Cisco Crosswork Change Automation cves: cve-2021-4104: investigated: false @@ -12816,7 +13278,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Provisioning + product: Cisco CX Cloud Agent Software cves: cve-2021-4104: investigated: false @@ -12845,7 +13307,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Prime Service Catalog + product: Cisco Data Center Network Manager (DCNM) cves: cve-2021-4104: investigated: false @@ -12874,7 +13336,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Registered Envelope Service + product: Cisco Defense Orchestrator cves: cve-2021-4104: investigated: false @@ -12903,7 +13365,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 1000 Series Routers + product: Cisco DNA Assurance cves: cve-2021-4104: investigated: false @@ -12932,7 +13394,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 2000 Series Routers + product: Cisco DNA Center cves: cve-2021-4104: investigated: false @@ -12961,7 +13423,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge 5000 Series Routers + product: Cisco DNA Spaces cves: cve-2021-4104: investigated: false @@ -12990,7 +13452,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vEdge Cloud Router Platform + product: Cisco Elastic Services Controller (ESC) cves: cve-2021-4104: investigated: false @@ -13019,7 +13481,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SD-WAN vManage + product: Cisco Emergency Responder cves: cve-2021-4104: investigated: false @@ -13048,7 +13510,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch + product: Cisco Enterprise Chat and Email cves: cve-2021-4104: investigated: false @@ -13077,7 +13539,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco SocialMiner + product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: cve-2021-4104: investigated: false @@ -13106,7 +13568,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco Evolved Programmable Network Manager cves: cve-2021-4104: investigated: false @@ -13135,7 +13597,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco TelePresence Management Suite + product: Cisco Extensible Network Controller (XNC) cves: cve-2021-4104: investigated: false @@ -13164,7 +13626,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Director + product: Cisco Finesse cves: cve-2021-4104: investigated: false @@ -13193,7 +13655,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco UCS Performance Manager + product: Cisco Firepower Management Center cves: cve-2021-4104: investigated: false @@ -13222,7 +13684,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Umbrella + product: Cisco Firepower Threat Defense (FTD) cves: cve-2021-4104: investigated: false @@ -13251,7 +13713,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Advanced + product: Cisco GGSN Gateway GPRS Support Node cves: cve-2021-4104: investigated: false @@ -13280,7 +13742,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Business Edition + product: Cisco HyperFlex System cves: cve-2021-4104: investigated: false @@ -13309,7 +13771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Department Edition + product: Cisco Identity Services Engine (ISE) cves: cve-2021-4104: investigated: false @@ -13338,7 +13800,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Enterprise Edition + product: Cisco Integrated Management Controller (IMC) Supervisor cves: cve-2021-4104: investigated: false @@ -13367,7 +13829,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Attendant Console Premium Edition + product: Cisco Intersight cves: cve-2021-4104: investigated: false @@ -13396,7 +13858,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Communications Manager Cloud + product: Cisco Intersight Virtual Appliance cves: cve-2021-4104: investigated: false @@ -13425,7 +13887,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco IOS and IOS XE Software cves: cve-2021-4104: investigated: false @@ -13454,7 +13916,8 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network + Management System) cves: cve-2021-4104: investigated: false @@ -13483,7 +13946,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Express + product: Cisco IoT Operations Dashboard cves: cve-2021-4104: investigated: false @@ -13512,7 +13975,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified Intelligent Contact Management Enterprise + product: Cisco IOx Fog Director cves: cve-2021-4104: investigated: false @@ -13541,7 +14004,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Unified SIP Proxy Software + product: Cisco IP Services Gateway (IPSG) cves: cve-2021-4104: investigated: false @@ -13570,7 +14033,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Video Surveillance Operations Manager + product: Cisco Kinetic for Cities cves: cve-2021-4104: investigated: false @@ -13599,7 +14062,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM + product: Cisco MDS 9000 Series Multilayer Switches cves: cve-2021-4104: investigated: false @@ -13628,7 +14091,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Virtualized Voice Browser + product: Cisco Meeting Server cves: cve-2021-4104: investigated: false @@ -13657,7 +14120,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Vision Dynamic Signage Director + product: Cisco MME Mobility Management Entity cves: cve-2021-4104: investigated: false @@ -13686,7 +14149,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco WAN Automation Engine (WAE) + product: Cisco Modeling Labs cves: cve-2021-4104: investigated: false @@ -13715,7 +14178,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Web Security Appliance (WSA) + product: Cisco Network Assessment (CNA) Tool cves: cve-2021-4104: investigated: false @@ -13744,7 +14207,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Cloud-Connected UC (CCUC) + product: Cisco Network Assurance Engine cves: cve-2021-4104: investigated: false @@ -13773,7 +14236,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Meetings Server + product: Cisco Network Convergence System 2000 Series cves: cve-2021-4104: investigated: false @@ -13802,7 +14265,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Webex Teams + product: Cisco Network Planner cves: cve-2021-4104: investigated: false @@ -13831,7 +14294,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Cisco Wide Area Application Services (WAAS) + product: Cisco Network Services Orchestrator (NSO) cves: cve-2021-4104: investigated: false @@ -13860,7 +14323,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Duo + product: Cisco Nexus 5500 Platform Switches cves: cve-2021-4104: investigated: false @@ -13889,7 +14352,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) + product: Cisco Nexus 5600 Platform Switches cves: cve-2021-4104: investigated: false @@ -13911,13 +14374,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: duo network gateway (on-prem/self-hosted) + product: Cisco Nexus 6000 Series Switches cves: cve-2021-4104: investigated: false @@ -13939,13 +14403,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Exony Virtualized Interaction Manager (VIM) + product: Cisco Nexus 7000 Series Switches cves: cve-2021-4104: investigated: false @@ -13974,7 +14439,8 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco - product: Managed Services Accelerator (MSX) Network Access Control Service + product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure + (ACI) mode cves: cve-2021-4104: investigated: false @@ -14002,8 +14468,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Citrix - product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) + - vendor: Cisco + product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: cve-2021-4104: investigated: false @@ -14011,45 +14477,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All Platforms - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Application Delivery Management (NetScaler MAS) - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -14061,17 +14492,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Cloud Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus Data Broker cves: cve-2021-4104: investigated: false @@ -14094,17 +14521,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Connector Appliance for Cloud Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Nexus Insights cves: cve-2021-4104: investigated: false @@ -14127,18 +14550,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for - Windows, Citrix Files for Mac, Citrix Files for Outlook + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Optical Network Planner cves: cve-2021-4104: investigated: false @@ -14161,17 +14579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Endpoint Management (Citrix XenMobile Server) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Packaged Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -14194,21 +14608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Hypervisor (XenServer) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -14231,17 +14637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -14264,17 +14666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix SD-WAN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: cve-2021-4104: investigated: false @@ -14282,11 +14680,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14298,17 +14695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco PGW Packet Data Network Gateway cves: cve-2021-4104: investigated: false @@ -14331,20 +14724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: Citrix Workspace App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Policy Suite cves: cve-2021-4104: investigated: false @@ -14352,11 +14738,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14368,17 +14753,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Citrix - product: ShareFile Storage Zones Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Central for Service Providers cves: cve-2021-4104: investigated: false @@ -14401,17 +14782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Claris - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cisco + product: Cisco Prime Collaboration Manager cves: cve-2021-4104: investigated: false @@ -14434,13 +14811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: AM2CM Tool + - vendor: Cisco + product: Cisco Prime Collaboration Provisioning cves: cve-2021-4104: investigated: false @@ -14463,13 +14840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Ambari + - vendor: Cisco + product: Cisco Prime Infrastructure cves: cve-2021-4104: investigated: false @@ -14477,42 +14854,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 2.x - - 1.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Arcadia Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.1.x - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14524,13 +14869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDH, HDP, and HDF + - vendor: Cisco + product: Cisco Prime License Manager cves: cve-2021-4104: investigated: false @@ -14538,9 +14883,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14554,13 +14898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDP Operational Database (COD) + - vendor: Cisco + product: Cisco Prime Network cves: cve-2021-4104: investigated: false @@ -14583,13 +14927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDP Private Cloud Base + - vendor: Cisco + product: Cisco Prime Optical for Service Providers cves: cve-2021-4104: investigated: false @@ -14597,9 +14941,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 7.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14613,13 +14956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDS 3 Powered by Apache Spark + - vendor: Cisco + product: Cisco Prime Provisioning cves: cve-2021-4104: investigated: false @@ -14627,9 +14970,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14643,13 +14985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: CDS 3.2 for GPUs + - vendor: Cisco + product: Cisco Prime Service Catalog cves: cve-2021-4104: investigated: false @@ -14657,9 +14999,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14673,13 +15014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Cybersecurity Platform + - vendor: Cisco + product: Cisco Registered Envelope Service cves: cve-2021-4104: investigated: false @@ -14687,9 +15028,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14703,13 +15043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + - vendor: Cisco + product: Cisco SD-WAN vEdge 1000 Series Routers cves: cve-2021-4104: investigated: false @@ -14732,13 +15072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Engineering (CDE) + - vendor: Cisco + product: Cisco SD-WAN vEdge 2000 Series Routers cves: cve-2021-4104: investigated: false @@ -14746,9 +15086,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14762,13 +15101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Flow (CFM) + - vendor: Cisco + product: Cisco SD-WAN vEdge 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -14791,13 +15130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Science Workbench (CDSW) + - vendor: Cisco + product: Cisco SD-WAN vEdge Cloud Router Platform cves: cve-2021-4104: investigated: false @@ -14805,10 +15144,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 2.x - - 3.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14822,13 +15159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Visualization (CDV) + - vendor: Cisco + product: Cisco SD-WAN vManage cves: cve-2021-4104: investigated: false @@ -14851,13 +15188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + - vendor: Cisco + product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: cve-2021-4104: investigated: false @@ -14880,13 +15217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Data Warehouse (CDW) + - vendor: Cisco + product: Cisco SocialMiner cves: cve-2021-4104: investigated: false @@ -14894,9 +15231,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14910,13 +15246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera DataFlow (CDF) + - vendor: Cisco + product: Cisco System Architecture Evolution Gateway (SAEGW) cves: cve-2021-4104: investigated: false @@ -14939,13 +15275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Edge Management (CEM) + - vendor: Cisco + product: Cisco TelePresence Management Suite cves: cve-2021-4104: investigated: false @@ -14953,9 +15289,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14969,13 +15304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Enterprise + - vendor: Cisco + product: Cisco UCS Director cves: cve-2021-4104: investigated: false @@ -14983,9 +15318,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only version 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -14999,13 +15333,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Flow Management (CFM) + - vendor: Cisco + product: Cisco UCS Performance Manager cves: cve-2021-4104: investigated: false @@ -15013,9 +15347,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15029,13 +15362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Machine Learning (CML) + - vendor: Cisco + product: Cisco Umbrella cves: cve-2021-4104: investigated: false @@ -15058,13 +15391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Machine Learning (CML) + - vendor: Cisco + product: Cisco Unified Attendant Console Advanced cves: cve-2021-4104: investigated: false @@ -15072,9 +15405,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15088,14 +15420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + - vendor: Cisco + product: Cisco Unified Attendant Console Business Edition cves: cve-2021-4104: investigated: false @@ -15103,9 +15434,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15119,14 +15449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication - Manager) + - vendor: Cisco + product: Cisco Unified Attendant Console Department Edition cves: cve-2021-4104: investigated: false @@ -15134,11 +15463,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15152,13 +15478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) + - vendor: Cisco + product: Cisco Unified Attendant Console Enterprise Edition cves: cve-2021-4104: investigated: false @@ -15181,13 +15507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) + - vendor: Cisco + product: Cisco Unified Attendant Console Premium Edition cves: cve-2021-4104: investigated: false @@ -15195,11 +15521,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.0.x - - 7.1.x - - 7.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15213,13 +15536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Stream Processing (CSP) + - vendor: Cisco + product: Cisco Unified Communications Manager Cloud cves: cve-2021-4104: investigated: false @@ -15227,9 +15550,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15243,13 +15565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + - vendor: Cisco + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -15272,13 +15594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Cloudera Streaming Analytics (CSA) + - vendor: Cisco + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -15301,13 +15623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Analytics Studio (DAS) + - vendor: Cisco + product: Cisco Unified Contact Center Express cves: cve-2021-4104: investigated: false @@ -15330,13 +15652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Catalog + - vendor: Cisco + product: Cisco Unified Intelligent Contact Management Enterprise cves: cve-2021-4104: investigated: false @@ -15359,13 +15681,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Lifecycle Manager (DLM) + - vendor: Cisco + product: Cisco Unified SIP Proxy Software cves: cve-2021-4104: investigated: false @@ -15388,13 +15710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Data Steward Studio (DSS) + - vendor: Cisco + product: Cisco Video Surveillance Operations Manager cves: cve-2021-4104: investigated: false @@ -15402,9 +15724,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15418,13 +15739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Hortonworks Data Flow (HDF) + - vendor: Cisco + product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: cve-2021-4104: investigated: false @@ -15447,13 +15768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Hortonworks Data Platform (HDP) + - vendor: Cisco + product: Cisco Virtualized Voice Browser cves: cve-2021-4104: investigated: false @@ -15461,11 +15782,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Only versions 7.1.x - - 2.7.x - - 2.6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15479,13 +15797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Hortonworks DataPlane Platform + - vendor: Cisco + product: Cisco Vision Dynamic Signage Director cves: cve-2021-4104: investigated: false @@ -15508,13 +15826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Management Console + - vendor: Cisco + product: Cisco WAN Automation Engine (WAE) cves: cve-2021-4104: investigated: false @@ -15522,9 +15840,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15538,13 +15855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Management Console for CDP Public Cloud + - vendor: Cisco + product: Cisco Web Security Appliance (WSA) cves: cve-2021-4104: investigated: false @@ -15567,13 +15884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Replication Manager + - vendor: Cisco + product: Cisco Webex Cloud-Connected UC (CCUC) cves: cve-2021-4104: investigated: false @@ -15596,13 +15913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: SmartSense + - vendor: Cisco + product: Cisco Webex Meetings Server cves: cve-2021-4104: investigated: false @@ -15625,13 +15942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Workload Manager + - vendor: Cisco + product: Cisco Webex Teams cves: cve-2021-4104: investigated: false @@ -15654,13 +15971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Workload XM + - vendor: Cisco + product: Cisco Wide Area Application Services (WAAS) cves: cve-2021-4104: investigated: false @@ -15668,9 +15985,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15684,13 +16000,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudera - product: Workload XM (SaaS) + - vendor: Cisco + product: Duo cves: cve-2021-4104: investigated: false @@ -15713,13 +16029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CloudFlare - product: '' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -15741,14 +16057,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudian HyperStore - product: '' + - vendor: Cisco + product: duo network gateway (on-prem/self-hosted) cves: cve-2021-4104: investigated: false @@ -15770,14 +16085,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudogu - product: Ecosystem + - vendor: Cisco + product: Exony Virtualized Interaction Manager (VIM) cves: cve-2021-4104: investigated: false @@ -15785,9 +16099,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -15801,13 +16114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudogu - product: SCM-Manager + - vendor: Cisco + product: Managed Services Accelerator (MSX) Network Access Control Service cves: cve-2021-4104: investigated: false @@ -15830,13 +16143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cloudron - product: '' + - vendor: Citrix + product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: cve-2021-4104: investigated: false @@ -15844,10 +16157,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -15859,13 +16173,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Clover - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Application Delivery Management (NetScaler MAS) cves: cve-2021-4104: investigated: false @@ -15873,10 +16191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -15888,13 +16207,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Code42 - product: Code42 App + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Cloud Connector cves: cve-2021-4104: investigated: false @@ -15902,10 +16225,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.8.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15918,13 +16240,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Code42 - product: Crashplan + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Connector Appliance for Cloud Services cves: cve-2021-4104: investigated: false @@ -15932,10 +16258,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15948,14 +16273,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan - installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' - last_updated: '2021-12-16T00:00:00' - - vendor: CodeBeamer - product: '' + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: investigated: false @@ -15978,13 +16307,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Codesys - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Endpoint Management (Citrix XenMobile Server) cves: cve-2021-4104: investigated: false @@ -16007,13 +16340,21 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised + to apply the latest CEM rolling patch updates listed below as soon as possible + to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); + [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); + and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). + Note: Customers who have upgraded their XenMobile Server to the updated versions + are recommended not to apply the responder policy mentioned in the blog listed + below to the Citrix ADC vserver in front of the XenMobile Server as it may impact + the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cohesity - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Hypervisor (XenServer) cves: cve-2021-4104: investigated: false @@ -16036,13 +16377,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CommVault - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix License Server cves: cve-2021-4104: investigated: false @@ -16065,13 +16410,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Concourse - product: Concourse + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix SD-WAN cves: cve-2021-4104: investigated: false @@ -16079,10 +16428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16094,13 +16444,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/concourse/concourse/discussions/7887 - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ConcreteCMS.com - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -16123,13 +16477,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Confluent - product: Confluent Cloud + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -16139,9 +16500,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -16153,13 +16514,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Citrix + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -16167,9 +16532,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <11.1.7 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16183,13 +16547,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors - notes: '' + - https://support.citrix.com/article/CTX335705 + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent for Kubernetes + last_updated: '2021-12-21T00:00:00' + - vendor: Claris + product: '' cves: cve-2021-4104: investigated: false @@ -16197,11 +16565,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16213,13 +16580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Google DataProc Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: AM2CM Tool cves: cve-2021-4104: investigated: false @@ -16227,9 +16594,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.1.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16243,13 +16609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Ambari cves: cve-2021-4104: investigated: false @@ -16259,7 +16625,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <10.1.3 + - Only versions 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16273,13 +16640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Arcadia Enterprise cves: cve-2021-4104: investigated: false @@ -16289,7 +16656,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.8 + - Only version 7.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16303,13 +16670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Kafka Connectors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDH, HDP, and HDF cves: cve-2021-4104: investigated: false @@ -16318,10 +16685,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only version 6.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16333,13 +16700,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDP Operational Database (COD) cves: cve-2021-4104: investigated: false @@ -16347,9 +16714,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <7.0.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16363,13 +16729,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent Splunk Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDP Private Cloud Base cves: cve-2021-4104: investigated: false @@ -16379,7 +16745,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <2.05 + - Only version 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16393,13 +16759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Confluent - product: Confluent VMWare Tanzu GemFire Sink Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDS 3 Powered by Apache Spark cves: cve-2021-4104: investigated: false @@ -16409,7 +16775,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.0.8 + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16423,13 +16789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Connect2id - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: CDS 3.2 for GPUs cves: cve-2021-4104: investigated: false @@ -16437,8 +16803,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16452,13 +16819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connect2id.com/blog/connect2id-server-12-5-1 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ConnectWise - product: '' + - vendor: Cloudera + product: Cloudera Cybersecurity Platform cves: cve-2021-4104: investigated: false @@ -16466,8 +16833,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16481,13 +16849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.connectwise.com/company/trust/advisories + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ContrastSecurity - product: '' + - vendor: Cloudera + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -16510,13 +16878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ControlUp - product: '' + - vendor: Cloudera + product: Cloudera Data Engineering (CDE) cves: cve-2021-4104: investigated: false @@ -16524,8 +16892,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16539,13 +16908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.controlup.com/incidents/qqyvh7b1dz8k + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: COPADATA - product: All + - vendor: Cloudera + product: Cloudera Data Flow (CFM) cves: cve-2021-4104: investigated: false @@ -16568,13 +16937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: CouchBase - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Data Science Workbench (CDSW) cves: cve-2021-4104: investigated: false @@ -16582,8 +16951,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 2.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16597,13 +16968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CPanel - product: '' + - vendor: Cloudera + product: Cloudera Data Visualization (CDV) cves: cve-2021-4104: investigated: false @@ -16626,13 +16997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Cradlepoint - product: '' + - vendor: Cloudera + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -16655,13 +17026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Crestron - product: '' + - vendor: Cloudera + product: Cloudera Data Warehouse (CDW) cves: cve-2021-4104: investigated: false @@ -16669,8 +17040,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16684,13 +17056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: CrushFTP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera DataFlow (CDF) cves: cve-2021-4104: investigated: false @@ -16713,13 +17085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.crushftp.com/download.html + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CryptShare - product: '' + - vendor: Cloudera + product: Cloudera Edge Management (CEM) cves: cve-2021-4104: investigated: false @@ -16727,8 +17099,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16742,13 +17115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CyberArk - product: Privileged Threat Analytics (PTA) + - vendor: Cloudera + product: Cloudera Enterprise cves: cve-2021-4104: investigated: false @@ -16757,38 +17130,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 - notes: '' - references: - - This advisory is available to customers only and has not been reviewed by - CISA. - last_updated: '2021-12-14T00:00:00' - - vendor: Cybereason - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] + affected_versions: + - Only version 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16802,13 +17145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: CyberRes - product: '' + - vendor: Cloudera + product: Cloudera Flow Management (CFM) cves: cve-2021-4104: investigated: false @@ -16816,8 +17159,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16831,13 +17175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Daktronics - product: All Sport Pro + - vendor: Cloudera + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -16860,13 +17204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Media Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Machine Learning (CML) cves: cve-2021-4104: investigated: false @@ -16875,10 +17219,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -16890,13 +17234,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dakronics Web Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -16904,9 +17249,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - DWP-1000 + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16920,14 +17265,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Data Vision Software (DVS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication + Manager) cves: cve-2021-4104: investigated: false @@ -16935,8 +17280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -16950,14 +17298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System (DMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: cve-2021-4104: investigated: false @@ -16980,13 +17327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Core Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: cve-2021-4104: investigated: false @@ -16995,10 +17342,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Only versions 7.0.x + - 7.1.x + - 7.2.x fixed_versions: [] - unaffected_versions: - - P10 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17010,13 +17359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Player hardware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Stream Processing (CSP) cves: cve-2021-4104: investigated: false @@ -17025,16 +17374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions fixed_versions: [] - unaffected_versions: - - AMP-R200 - - AMP-R400 - - AMP-R800 - - AMP-SM100 - - AMP-SE100 - - AMP-SM200 - - AMP-SM400 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17046,13 +17389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Dynamic Messaging System - DMS Web Player + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -17075,14 +17418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 + notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: IBoot - Dataprobe IBoot Devices + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Cloudera Streaming Analytics (CSA) cves: cve-2021-4104: investigated: false @@ -17090,15 +17432,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-3257 - - '3256' - - '2270' - - '2269' - - '1978' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17110,13 +17447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Outdoor Smartlink Devices + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Analytics Studio (DAS) cves: cve-2021-4104: investigated: false @@ -17124,17 +17461,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-3189335 - - '3128' - - '3416' - - '3418' - - '3707' - - '3708' - - '3709' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17146,13 +17476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Cisco Meraki Z3/Z3c Routers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -17160,11 +17490,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-4036028 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17176,13 +17505,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Cisco Z1 Routers + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Lifecycle Manager (DLM) cves: cve-2021-4104: investigated: false @@ -17190,11 +17519,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - A-3665 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17206,13 +17534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Routers - Sierra Wireless RV50x/RV50 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Data Steward Studio (DSS) cves: cve-2021-4104: investigated: false @@ -17220,9 +17548,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - A-3350704 + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17236,13 +17564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Show Control System (SCS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks Data Flow (HDF) cves: cve-2021-4104: investigated: false @@ -17265,13 +17593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Vanguard + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks Data Platform (HDP) cves: cve-2021-4104: investigated: false @@ -17279,8 +17607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Only versions 7.1.x + - 2.7.x + - 2.6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17294,13 +17625,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Venus 1500 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Hortonworks DataPlane Platform cves: cve-2021-4104: investigated: false @@ -17323,13 +17654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Venus Control Suite (VCS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Management Console cves: cve-2021-4104: investigated: false @@ -17337,8 +17668,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17352,13 +17684,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Video Image Processors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Management Console for CDP Public Cloud cves: cve-2021-4104: investigated: false @@ -17366,43 +17698,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - VIP-5060/VIP-5160/VIP-4060 - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' - references: - - '' - last_updated: '2022-01-06T00:00:00' - - vendor: Daktronics - product: Webcam - Mobotix - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - A-2242 - - A-3127 - - A-3719 cve-2021-45046: investigated: false affected_versions: [] @@ -17414,13 +17713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.daktronics.com/en-us/support/kb/000025337 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: DarkTrace - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cloudera + product: Replication Manager cves: cve-2021-4104: investigated: false @@ -17443,13 +17742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dassault Systèmes - product: '' + - vendor: Cloudera + product: SmartSense cves: cve-2021-4104: investigated: false @@ -17472,13 +17771,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Databricks - product: '' + - vendor: Cloudera + product: Workload Manager cves: cve-2021-4104: investigated: false @@ -17501,13 +17800,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datadog - product: Datadog Agent + - vendor: Cloudera + product: Workload XM cves: cve-2021-4104: investigated: false @@ -17516,12 +17815,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '>=6.17.0' - - <=6.32.2 - - '>=7.17.0' - - <=7.32.2 + affected_versions: + - All versions + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17534,13 +17830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datadoghq.com/log4j-vulnerability/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dataminer - product: '' + - vendor: Cloudera + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -17563,12 +17859,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.dataminer.services/responding-to-log4shell-vulnerability/ + - https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datev + - vendor: CloudFlare product: '' cves: cve-2021-4104: @@ -17592,12 +17888,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 + - https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Datto + - vendor: Cloudian HyperStore product: '' cves: cve-2021-4104: @@ -17621,13 +17917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.datto.com/blog/dattos-response-to-log4shell + - https://cloudian-support.force.com/s/article/SECURITY-Cloudian-HyperStore-Log4j-vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: dCache.org - product: '' + - vendor: Cloudogu + product: Ecosystem cves: cve-2021-4104: investigated: false @@ -17635,8 +17931,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -17650,13 +17947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dcache.org/post/log4j-vulnerability/ + - https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Debian - product: '' + - vendor: Cloudogu + product: SCM-Manager cves: cve-2021-4104: investigated: false @@ -17679,12 +17976,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-tracker.debian.org/tracker/CVE-2021-44228 + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Deepinstinct + - vendor: Cloudron product: '' cves: cve-2021-4104: @@ -17708,13 +18005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + - vendor: Clover + product: '' cves: cve-2021-4104: investigated: false @@ -17722,41 +18019,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -17768,13 +18034,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Code42 + product: Code42 App cves: cve-2021-4104: investigated: false @@ -17784,9 +18050,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 8.8.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17798,13 +18064,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware OC Controls + last_updated: '2021-12-22T00:00:00' + - vendor: Code42 + product: Crashplan cves: cve-2021-4104: investigated: false @@ -17814,9 +18080,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17828,13 +18094,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware On Screen Display + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' + last_updated: '2021-12-16T00:00:00' + - vendor: CodeBeamer + product: '' cves: cve-2021-4104: investigated: false @@ -17842,11 +18109,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17858,13 +18124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://codebeamer.com/cb/wiki/19872365 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Update + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Codesys + product: '' cves: cve-2021-4104: investigated: false @@ -17872,11 +18138,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17888,13 +18153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cohesity + product: '' cves: cve-2021-4104: investigated: false @@ -17902,10 +18167,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -17918,13 +18182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + - https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: APEX Data Storage Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CommVault + product: '' cves: cve-2021-4104: investigated: false @@ -17947,13 +18211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + - https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Atmos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Concourse + product: Concourse cves: cve-2021-4104: investigated: false @@ -17961,11 +18225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -17977,13 +18240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://github.com/concourse/concourse/discussions/7887 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Azure Stack HCI + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConcreteCMS.com + product: '' cves: cve-2021-4104: investigated: false @@ -17991,11 +18254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18007,13 +18269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Powered Calibration Firmware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Confluent + product: Confluent Cloud cves: cve-2021-4104: investigated: false @@ -18023,9 +18285,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18037,13 +18299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CalMAN Ready for Dell + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -18052,10 +18314,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <11.1.7 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18067,13 +18329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Centera + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent for Kubernetes cves: cve-2021-4104: investigated: false @@ -18097,13 +18359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chameleon Linux Based Diagnostics + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -18112,10 +18374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18127,13 +18389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Chassis Management Controller (CMC) + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -18142,10 +18404,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <10.1.3 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18157,13 +18419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: China HDD Deluxe + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -18172,10 +18434,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.8 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18187,13 +18449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud IQ + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -18201,10 +18463,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -18216,13 +18479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -18231,10 +18494,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <7.0.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18246,13 +18509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Cloud Tiering Appliance + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -18261,10 +18524,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <2.05 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18276,13 +18539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + last_updated: '2021-12-17T00:00:00' + - vendor: Confluent + product: Confluent VMWare Tanzu GemFire Sink Connector cves: cve-2021-4104: investigated: false @@ -18291,10 +18554,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.0.8 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18306,13 +18569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + last_updated: '2021-12-17T00:00:00' + - vendor: Connect2id + product: '' cves: cve-2021-4104: investigated: false @@ -18335,13 +18598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + - https://connect2id.com/blog/connect2id-server-12-5-1 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connectrix B-Series SANnav + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ConnectWise + product: '' cves: cve-2021-4104: investigated: false @@ -18349,9 +18612,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.1.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18365,13 +18627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + - https://www.connectwise.com/company/trust/advisories + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Connextrix B Series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ContrastSecurity + product: '' cves: cve-2021-4104: investigated: false @@ -18379,11 +18641,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18395,13 +18656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CyberSecIQ Application + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ControlUp + product: '' cves: cve-2021-4104: investigated: false @@ -18409,11 +18670,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18425,13 +18685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://status.controlup.com/incidents/qqyvh7b1dz8k notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: COPADATA + product: All cves: cve-2021-4104: investigated: false @@ -18439,11 +18699,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18455,13 +18714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Data Domain OS + last_updated: '2022-01-06T00:00:00' + - vendor: CouchBase + product: '' cves: cve-2021-4104: investigated: false @@ -18469,9 +18728,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -18485,13 +18743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + - https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CPanel + product: '' cves: cve-2021-4104: investigated: false @@ -18499,11 +18757,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18515,13 +18772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Crypto-J + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Cradlepoint + product: '' cves: cve-2021-4104: investigated: false @@ -18529,11 +18786,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18545,13 +18801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell BSAFE Micro Edition Suite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Crestron + product: '' cves: cve-2021-4104: investigated: false @@ -18559,11 +18815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18575,13 +18830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.crestron.com/Security/Security_Advisories/Apache-Log4j notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Calibration Assistant + last_updated: '2021-12-20T00:00:00' + - vendor: CrushFTP + product: '' cves: cve-2021-4104: investigated: false @@ -18589,11 +18844,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18605,13 +18859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.crushftp.com/download.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cinema Color + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CryptShare + product: '' cves: cve-2021-4104: investigated: false @@ -18619,11 +18873,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18635,13 +18888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.cryptshare.com/en/support/cryptshare-support/#c67572 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cloud Command Repository Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberArk + product: Privileged Threat Analytics (PTA) cves: cve-2021-4104: investigated: false @@ -18651,9 +18904,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18665,13 +18918,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228 notes: '' references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Cloud Management Agent + - This advisory is available to customers only and has not been reviewed by + CISA. + last_updated: '2021-12-14T00:00:00' + - vendor: Cybereason + product: '' cves: cve-2021-4104: investigated: false @@ -18679,11 +18933,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18695,13 +18948,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Color Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: CyberRes + product: '' cves: cve-2021-4104: investigated: false @@ -18709,11 +18962,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18725,13 +18977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Configure + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Daktronics + product: All Sport Pro cves: cve-2021-4104: investigated: false @@ -18739,11 +18991,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18755,13 +19006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Integration Suite for System Center + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -18773,7 +19024,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -18785,13 +19036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Intel vPro Out of Band + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dakronics Web Player cves: cve-2021-4104: investigated: false @@ -18799,11 +19050,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - DWP-1000 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18815,13 +19066,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from + LG re: webOS platform.' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Monitor + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -18829,11 +19081,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18845,13 +19096,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Power Manager + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System (DMS) cves: cve-2021-4104: investigated: false @@ -18859,11 +19111,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18875,13 +19126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command PowerShell Provider + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Core Player cves: cve-2021-4104: investigated: false @@ -18893,7 +19144,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - P10 cve-2021-45046: investigated: false affected_versions: [] @@ -18905,13 +19156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Command Update + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Player hardware cves: cve-2021-4104: investigated: false @@ -18923,7 +19174,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - AMP-R200 + - AMP-R400 + - AMP-R800 + - AMP-SM100 + - AMP-SE100 + - AMP-SM200 + - AMP-SM400 cve-2021-45046: investigated: false affected_versions: [] @@ -18935,13 +19192,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Customer Connect + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Dynamic Messaging System - DMS Web Player cves: cve-2021-4104: investigated: false @@ -18949,11 +19206,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -18965,13 +19221,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + - https://www.daktronics.com/en-us/support/kb/000025337 + notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation + from LG re: webOS platform.' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Guardian* + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: IBoot - Dataprobe IBoot Devices cves: cve-2021-4104: investigated: false @@ -18983,7 +19240,11 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-3257 + - '3256' + - '2270' + - '2269' + - '1978' cve-2021-45046: investigated: false affected_versions: [] @@ -18995,13 +19256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Protection* + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Outdoor Smartlink Devices cves: cve-2021-4104: investigated: false @@ -19013,7 +19274,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-3189335 + - '3128' + - '3416' + - '3418' + - '3707' + - '3708' + - '3709' cve-2021-45046: investigated: false affected_versions: [] @@ -19025,13 +19292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Recovery Environment + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Meraki Z3/Z3c Routers cves: cve-2021-4104: investigated: false @@ -19043,7 +19310,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-4036028 cve-2021-45046: investigated: false affected_versions: [] @@ -19055,13 +19322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Vault + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Cisco Z1 Routers cves: cve-2021-4104: investigated: false @@ -19073,7 +19340,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-3665 cve-2021-45046: investigated: false affected_versions: [] @@ -19085,13 +19352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Data Vault for Chrome OS + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Routers - Sierra Wireless RV50x/RV50 cves: cve-2021-4104: investigated: false @@ -19099,11 +19366,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - A-3350704 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19115,13 +19382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Deployment Agent + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Show Control System (SCS) cves: cve-2021-4104: investigated: false @@ -19129,11 +19396,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19145,13 +19411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Digital Delivery + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Vanguard cves: cve-2021-4104: investigated: false @@ -19159,11 +19425,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19175,13 +19440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Direct USB Key + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus 1500 cves: cve-2021-4104: investigated: false @@ -19189,11 +19454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19205,13 +19469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Venus Control Suite (VCS) cves: cve-2021-4104: investigated: false @@ -19219,11 +19483,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19235,13 +19498,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Video Image Processors cves: cve-2021-4104: investigated: false @@ -19253,7 +19516,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - VIP-5060/VIP-5160/VIP-4060 cve-2021-45046: investigated: false affected_versions: [] @@ -19265,13 +19528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC AppSync + last_updated: '2022-01-06T00:00:00' + - vendor: Daktronics + product: Webcam - Mobotix cves: cve-2021-4104: investigated: false @@ -19283,7 +19546,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - A-2242 + - A-3127 + - A-3719 cve-2021-45046: investigated: false affected_versions: [] @@ -19295,13 +19560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.daktronics.com/en-us/support/kb/000025337 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Avamar + last_updated: '2022-01-06T00:00:00' + - vendor: DarkTrace + product: '' cves: cve-2021-4104: investigated: false @@ -19309,9 +19574,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19325,13 +19589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + - https://customerportal.darktrace.com/inside-the-soc/get-article/201 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC BSN Controller Node + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dassault Systèmes + product: '' cves: cve-2021-4104: investigated: false @@ -19354,13 +19618,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Databricks + product: '' cves: cve-2021-4104: investigated: false @@ -19368,9 +19632,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - N/A + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19384,13 +19647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + - https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Cloudboost + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: Datadog Agent cves: cve-2021-4104: investigated: false @@ -19400,9 +19663,41 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '>=6.17.0' + - <=6.32.2 + - '>=7.17.0' + - <=7.32.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dataminer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19414,13 +19709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://community.dataminer.services/responding-to-log4shell-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC CloudLink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datev + product: '' cves: cve-2021-4104: investigated: false @@ -19428,11 +19723,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19444,13 +19738,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Container Storage Modules + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datto + product: '' cves: cve-2021-4104: investigated: false @@ -19458,11 +19752,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19474,13 +19767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.datto.com/blog/dattos-response-to-log4shell notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: dCache.org + product: '' cves: cve-2021-4104: investigated: false @@ -19488,11 +19781,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19504,13 +19796,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://www.dcache.org/post/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Advisor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: '' cves: cve-2021-4104: investigated: false @@ -19518,11 +19810,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -19534,13 +19825,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Deepinstinct + product: '' cves: cve-2021-4104: investigated: false @@ -19563,13 +19854,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: cve-2021-4104: investigated: false @@ -19578,10 +19869,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 19.5.0.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -19594,12 +19885,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC DataIQ + product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' cves: cve-2021-4104: investigated: false @@ -19629,7 +19920,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Alienware Command Center cves: cve-2021-4104: investigated: false @@ -19659,7 +19950,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: Alienware OC Controls cves: cve-2021-4104: investigated: false @@ -19667,10 +19958,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -19683,12 +19975,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Alienware On Screen Display cves: cve-2021-4104: investigated: false @@ -19697,10 +19989,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -19713,12 +20005,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Alienware Update cves: cve-2021-4104: investigated: false @@ -19748,7 +20040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: APEX Console cves: cve-2021-4104: investigated: false @@ -19757,9 +20049,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - N/A - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -19773,16 +20065,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: APEX Data Storage Services cves: cve-2021-4104: investigated: false @@ -19790,9 +20078,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - N/A + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -19807,12 +20094,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Cloud environment patch in progress references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Atmos cves: cve-2021-4104: investigated: false @@ -19842,7 +20129,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -19872,7 +20159,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: investigated: false @@ -19881,10 +20168,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -19897,12 +20184,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: CalMAN Ready for Dell cves: cve-2021-4104: investigated: false @@ -19911,10 +20198,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -19927,12 +20214,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Centera cves: cve-2021-4104: investigated: false @@ -19941,10 +20228,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -19957,12 +20244,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: investigated: false @@ -19992,7 +20279,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: Chassis Management Controller (CMC) cves: cve-2021-4104: investigated: false @@ -20001,10 +20288,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20017,12 +20304,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: China HDD Deluxe cves: cve-2021-4104: investigated: false @@ -20052,7 +20339,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Cloud IQ cves: cve-2021-4104: investigated: false @@ -20060,11 +20347,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20077,12 +20363,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -20112,7 +20398,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Cloud Tiering Appliance cves: cve-2021-4104: investigated: false @@ -20142,8 +20428,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: investigated: false @@ -20173,7 +20458,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: investigated: false @@ -20181,42 +20466,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC PowerFlex Rack - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - N/A - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20229,12 +20482,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Connectrix B-Series SANnav cves: cve-2021-4104: investigated: false @@ -20244,7 +20497,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - 2.1.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20259,12 +20512,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 3/31/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Connextrix B Series cves: cve-2021-4104: investigated: false @@ -20294,7 +20547,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -20324,7 +20577,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -20354,7 +20607,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -20364,7 +20617,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions 19.9 and earlier + - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -20379,12 +20632,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-274 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -20393,10 +20646,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.7.0 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20409,12 +20662,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -20444,7 +20697,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -20474,7 +20727,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -20504,7 +20757,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -20534,7 +20787,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -20542,10 +20795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20558,12 +20812,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -20593,7 +20847,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -20623,7 +20877,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -20632,10 +20886,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20648,12 +20902,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -20662,10 +20916,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.0.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20678,12 +20932,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -20713,7 +20967,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -20721,10 +20975,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20737,12 +20992,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -20750,10 +21005,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20766,12 +21022,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -20779,10 +21035,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20795,12 +21052,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -20830,7 +21087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -20839,10 +21096,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20855,12 +21112,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -20868,10 +21125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20884,12 +21142,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -20919,7 +21177,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -20949,7 +21207,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -20957,10 +21215,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -20973,12 +21232,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -21008,7 +21267,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -21038,37 +21297,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC XtremIO + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -21098,7 +21327,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -21128,7 +21357,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21158,7 +21387,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21188,7 +21417,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -21218,7 +21447,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -21227,10 +21456,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"18.2 19.1 19.2 19.3 19.4"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21243,12 +21472,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -21256,11 +21485,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21273,12 +21501,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -21287,10 +21515,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21303,12 +21531,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -21338,7 +21566,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -21368,7 +21596,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -21398,7 +21626,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -21428,7 +21656,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -21458,7 +21686,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -21466,11 +21694,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21483,12 +21710,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021- 269 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -21498,7 +21725,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.40.10 + - Versions before 19.5.0.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21513,12 +21740,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: See DSA-2021-279 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -21548,7 +21775,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -21578,7 +21805,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell EMC ECS cves: cve-2021-4104: investigated: false @@ -21586,41 +21813,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OS Recovery Tool - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -21633,12 +21829,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -21647,10 +21843,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"<6.0.0 6.1.0 6.2.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21663,12 +21859,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-278 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -21698,7 +21894,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -21707,40 +21903,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Power Manager Lite - cves: - cve-2021-4104: - investigated: false - affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -21753,12 +21919,16 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. Apply workaround guidance + and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -21767,40 +21937,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Precision Optimizer for Linux - cves: - cve-2021-4104: - investigated: false - affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -21813,12 +21953,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -21848,7 +21988,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -21878,7 +22018,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -21887,10 +22027,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.0.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21903,12 +22043,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-308 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell EMC NetWorker Server cves: cve-2021-4104: investigated: false @@ -21917,10 +22057,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21933,12 +22073,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell EMC NetWorker Virtual Edition cves: cve-2021-4104: investigated: false @@ -21947,10 +22087,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21963,12 +22103,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -21998,7 +22138,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -22007,40 +22147,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Thin OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22053,12 +22163,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-304 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -22088,7 +22198,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -22118,7 +22228,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -22148,7 +22258,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -22178,36 +22288,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dream Catcher + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -22237,7 +22319,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -22246,40 +22328,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: DUP Framework (ISG) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions + up to Intelligent Catalog 38_362_00_r7.zip"' fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22292,12 +22345,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -22306,40 +22359,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A - cve-2021-45046: - investigated: false - affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Embedded Service Enabler - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22352,12 +22375,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -22365,8 +22388,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22381,12 +22405,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -22416,7 +22440,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -22446,7 +22470,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -22476,7 +22500,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -22485,10 +22509,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22501,12 +22525,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -22515,10 +22539,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22531,12 +22555,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -22566,7 +22590,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -22596,7 +22620,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -22626,7 +22650,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -22656,7 +22680,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -22664,41 +22688,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: My Dell - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -22711,12 +22704,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Dell EMC PowerVault MD3 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -22746,7 +22739,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -22776,7 +22769,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Dell EMC RecoverPoint Classic cves: cve-2021-4104: investigated: false @@ -22785,10 +22778,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.1.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22801,12 +22794,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Dell EMC RecoverPoint for Virtual Machine cves: cve-2021-4104: investigated: false @@ -22815,10 +22808,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.0.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22831,12 +22824,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -22866,7 +22859,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -22874,11 +22867,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22891,12 +22883,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -22904,11 +22896,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22921,12 +22912,41 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: Dell EMC Ruckus Virtual Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-303 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -22956,7 +22976,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: Dell EMC SRM vApp cves: cve-2021-4104: investigated: false @@ -22965,10 +22985,39 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true + affected_versions: + - Versions before 4.6.0.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 1/25/2022 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Streaming Data Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22981,12 +23030,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -23016,7 +23065,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -23046,7 +23095,36 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: Dell EMC Unity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/29/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -23076,7 +23154,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -23106,7 +23184,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: Dell EMC VxRail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '"4.5.x 4.7.x 7.0.x"' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -23136,7 +23244,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -23144,10 +23252,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23160,13 +23269,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -23196,7 +23304,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -23226,7 +23334,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -23256,7 +23364,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -23286,7 +23394,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -23316,7 +23424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -23346,7 +23454,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -23376,7 +23484,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -23406,7 +23514,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -23436,7 +23544,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -23466,7 +23574,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: Dell Open Manage Mobile cves: cve-2021-4104: investigated: false @@ -23496,7 +23604,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: Dell Open Manage Server Administrator cves: cve-2021-4104: investigated: false @@ -23526,7 +23634,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: Dell Open Management Enterprise - Modular + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <1.40.10 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-268 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -23556,7 +23694,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: Dell OpenManage Enterprise Power Manager Plugin cves: cve-2021-4104: investigated: false @@ -23586,7 +23724,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -23616,7 +23754,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -23646,7 +23784,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -23676,7 +23814,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -23685,10 +23823,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23701,12 +23839,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -23715,10 +23853,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -23731,12 +23869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Server Storage + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -23766,7 +23904,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -23796,7 +23934,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SmartByte + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -23826,7 +23964,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -23856,7 +23994,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -23886,7 +24024,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -23916,7 +24054,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -23946,7 +24084,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -23976,7 +24114,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -23985,10 +24123,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24001,12 +24139,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS VE + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -24036,7 +24174,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -24044,10 +24182,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Threat Defense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24060,12 +24229,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -24095,7 +24264,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -24125,7 +24294,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: Dell Update cves: cve-2021-4104: investigated: false @@ -24155,7 +24324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise + product: DellEMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -24179,12 +24348,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: UCC Edge + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -24214,7 +24383,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -24222,10 +24391,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: DUP Framework (ISG) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24238,12 +24438,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -24273,7 +24473,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -24303,7 +24503,36 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: Enterprise Hybrid Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -24333,7 +24562,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -24363,7 +24592,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -24393,7 +24622,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vblock + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -24401,10 +24630,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Integrated Dell Remote Access Controller (iDRAC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24417,12 +24677,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -24452,7 +24712,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Automation 8.x + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -24461,10 +24721,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: IsilonSD Management Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24477,12 +24767,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Orchestrator 8.x + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -24491,10 +24781,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Mainframe Enablers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24507,12 +24827,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: My Dell cves: cve-2021-4104: investigated: false @@ -24542,7 +24862,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -24572,7 +24892,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -24581,10 +24901,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24597,12 +24917,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -24611,10 +24931,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24627,12 +24947,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -24662,7 +24982,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -24670,10 +24990,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24686,12 +25007,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -24700,10 +25021,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24716,12 +25037,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage + product: Networking OS9 cves: cve-2021-4104: investigated: false @@ -24730,10 +25051,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24746,12 +25067,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerMax + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -24760,10 +25081,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.2.3 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24776,12 +25097,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerScale + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -24790,10 +25111,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24806,12 +25127,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC PowerStore + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -24820,10 +25141,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.4 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24836,12 +25157,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC Unity + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -24850,10 +25171,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.0.6 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24866,12 +25187,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRO Plugin for Dell EMC XtremIO + product: OMNIA cves: cve-2021-4104: investigated: false @@ -24880,10 +25201,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 4.1.2 or earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24896,12 +25217,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -24931,7 +25252,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -24939,10 +25260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -24955,12 +25277,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -24968,11 +25290,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24985,12 +25306,13 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Management Suite + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -24999,10 +25321,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25015,12 +25337,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -25050,7 +25372,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -25079,8 +25401,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Deltares - product: Delft-FEWS + - vendor: Dell + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -25090,9 +25412,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '>2018.02' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25104,13 +25426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability - notes: Mitigations Only + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Denequa - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -25118,10 +25440,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25133,13 +25456,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://denequa.de/log4j-information.html + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Device42 - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -25147,10 +25470,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25162,13 +25486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.device42.com/2021/12/13/log4j-zero-day/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Devolutions - product: All products + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -25176,10 +25500,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25191,13 +25516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Diebold Nixdorf - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -25205,10 +25530,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25220,13 +25546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dieboldnixdorf.com/en-us/apache + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digi International - product: AnywhereUSB Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -25234,10 +25560,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25249,13 +25576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: ARMT + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -25263,10 +25590,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25278,13 +25606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Aview + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -25292,10 +25620,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25307,13 +25636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: AVWOB + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Redtail cves: cve-2021-4104: investigated: false @@ -25321,10 +25650,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25336,13 +25666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK G6200 family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Remotely Anywhere cves: cve-2021-4104: investigated: false @@ -25350,10 +25680,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25365,13 +25696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK SkyCloud + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -25379,10 +25710,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25394,13 +25726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: CTEK Z45 family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -25408,10 +25740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25423,13 +25756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi 54xx family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -25437,10 +25770,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25452,13 +25786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi 63xx family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SDNAS cves: cve-2021-4104: investigated: false @@ -25466,10 +25800,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25481,13 +25816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi AnywhereUSB (G2) family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -25495,8 +25830,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -25510,13 +25846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi AnywhereUSB Plus family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -25524,8 +25860,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"5.00.00.10 5.00.05.10"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -25539,13 +25876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-281 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect EZ family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Server Storage cves: cve-2021-4104: investigated: false @@ -25553,10 +25890,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25568,13 +25906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -25582,10 +25920,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25597,13 +25936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect IT family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SmartByte cves: cve-2021-4104: investigated: false @@ -25611,10 +25950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25626,13 +25966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect Sensor family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SMI-S cves: cve-2021-4104: investigated: false @@ -25640,10 +25980,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25655,13 +25996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Connect WS family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Software RAID cves: cve-2021-4104: investigated: false @@ -25669,10 +26010,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25684,13 +26026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi ConnectPort family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -25698,10 +26040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25713,13 +26056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi ConnectPort LTS family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -25727,10 +26070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25742,13 +26086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Embedded Android + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Sonic cves: cve-2021-4104: investigated: false @@ -25756,10 +26100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25771,13 +26116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Embedded Yocto + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -25785,8 +26130,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -25800,13 +26146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi EX routers + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SRS VE cves: cve-2021-4104: investigated: false @@ -25814,10 +26160,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25829,13 +26176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi IX routers + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -25858,13 +26205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi LR54 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -25872,10 +26219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25887,13 +26235,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Navigator + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -25901,10 +26249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25916,13 +26265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi One family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -25930,10 +26279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -25945,13 +26295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Passport family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -25974,13 +26324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/23/21 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi PortServer TS family + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -25988,10 +26338,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26003,13 +26354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Remote Manager + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -26032,13 +26383,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 1/10/2022 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi TX routers + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -26046,10 +26397,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26061,13 +26413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR11 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false @@ -26075,10 +26427,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26090,13 +26443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR21 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -26104,10 +26457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26119,13 +26473,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR31 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -26133,10 +26487,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26148,13 +26503,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR44R/RR + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -26162,10 +26517,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26177,13 +26533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR54 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Vblock cves: cve-2021-4104: investigated: false @@ -26206,13 +26562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch pending See vce6771 (requires customer login) references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi WR64 + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -26220,10 +26576,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26235,13 +26592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Xbee mobile app + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -26249,8 +26606,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26264,13 +26622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Lighthouse + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -26278,8 +26636,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26293,13 +26652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Realport + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX1 cves: cve-2021-4104: investigated: false @@ -26307,10 +26666,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26322,13 +26682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Remote Hub Config Utility + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNX2 cves: cve-2021-4104: investigated: false @@ -26336,10 +26696,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26351,13 +26712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digicert - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -26365,8 +26726,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Versions 3.1.16.10220572 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26380,13 +26742,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.digicert.com/alerts/digicert-log4j-response.html - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital AI - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -26394,8 +26756,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 3.1.15.10216415 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26409,13 +26772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital Alert Systems - product: All + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -26423,10 +26786,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26438,13 +26802,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digitalalertsystems.com/default-2.htm - notes: Formerly Monroe Electronics, Inc. + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: DNSFilter - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -26467,13 +26831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docker - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x cves: cve-2021-4104: investigated: false @@ -26481,8 +26845,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"version 19.6 version 19.7 version 19.8 and version 19.9"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26496,13 +26861,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/19/21 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docusign - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -26510,8 +26875,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Various fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26525,14 +26891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerMax cves: cve-2021-4104: investigated: false @@ -26540,8 +26905,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.2.3 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26555,13 +26921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: DSpace - product: '' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerScale cves: cve-2021-4104: investigated: false @@ -26569,8 +26935,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.1.0 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26584,13 +26951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dynatrace - product: ActiveGate + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -26598,8 +26965,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.1.4 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26613,13 +26981,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Dynatrace Extensions + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -26627,8 +26995,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 1.0.6 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26642,13 +27011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: FedRamp SAAS + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: vRO Plugin for Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -26656,8 +27025,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 4.1.2 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26671,13 +27041,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-300 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Managed cluster nodes + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Vsan Ready Nodes cves: cve-2021-4104: investigated: false @@ -26685,10 +27055,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26700,13 +27071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: OneAgent + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock cves: cve-2021-4104: investigated: false @@ -26729,13 +27100,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '"Patch pending See vce6771 (requires customer login) "' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: SAAS + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Warnado MLK (firmware) cves: cve-2021-4104: investigated: false @@ -26743,10 +27114,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26758,13 +27130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Synthetic Private ActiveGate + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -26772,8 +27144,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26787,13 +27160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-267 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Dynatrace - product: Synthetic public locations + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Proprietary OS (ThinOS) cves: cve-2021-4104: investigated: false @@ -26801,10 +27174,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26816,13 +27190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: EasyRedmine - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -26830,10 +27204,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -26845,13 +27220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Eaton - product: Undisclosed + last_updated: '2021-12-15T00:00:00' + - vendor: Deltares + product: Delft-FEWS cves: cve-2021-4104: investigated: false @@ -26860,40 +27235,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Undisclosed - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EclecticIQ - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>2018.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -26906,12 +27250,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 - notes: '' + - https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability + notes: Mitigations Only references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Eclipse Foundation + last_updated: '2021-12-22T00:00:00' + - vendor: Denequa product: '' cves: cve-2021-4104: @@ -26935,12 +27279,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) + - https://denequa.de/log4j-information.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Edwards + - vendor: Device42 product: '' cves: cve-2021-4104: @@ -26964,13 +27308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.edwards.com/devices/support/product-security + - https://blog.device42.com/2021/12/13/log4j-zero-day/ notes: '' references: - '' - last_updated: '2022-01-06T00:00:00' - - vendor: EFI - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Devolutions + product: All products cves: cve-2021-4104: investigated: false @@ -26993,12 +27337,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US + - https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EGroupware + - vendor: Diebold Nixdorf product: '' cves: cve-2021-4104: @@ -27022,13 +27366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + - https://www.dieboldnixdorf.com/en-us/apache notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Elastic - product: APM Java Agent + - vendor: Digi International + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -27051,13 +27395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: APM Server + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: ARMT cves: cve-2021-4104: investigated: false @@ -27080,13 +27424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Beats + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Aview cves: cve-2021-4104: investigated: false @@ -27109,13 +27453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Cmd + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: AVWOB cves: cve-2021-4104: investigated: false @@ -27138,13 +27482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK G6200 family cves: cve-2021-4104: investigated: false @@ -27167,13 +27511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK SkyCloud cves: cve-2021-4104: investigated: false @@ -27196,13 +27540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: CTEK Z45 family cves: cve-2021-4104: investigated: false @@ -27225,13 +27569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi 54xx family cves: cve-2021-4104: investigated: false @@ -27254,13 +27598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Cloud on Kubernetes + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi 63xx family cves: cve-2021-4104: investigated: false @@ -27283,13 +27627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Endgame + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi AnywhereUSB (G2) family cves: cve-2021-4104: investigated: false @@ -27312,13 +27656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elastic Maps Service + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi AnywhereUSB Plus family cves: cve-2021-4104: investigated: false @@ -27341,13 +27685,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Elasticsearch + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false @@ -27355,11 +27699,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '5' - - '6' - - '8' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27373,13 +27714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Endpoint Security + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -27402,13 +27743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Enterprise Search + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect IT family cves: cve-2021-4104: investigated: false @@ -27431,13 +27772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Fleet Server + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -27460,13 +27801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Kibana + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -27489,13 +27830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Logstash + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -27503,10 +27844,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <6.8.21 - - <7.16.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -27520,13 +27859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Machine Learning + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -27549,13 +27888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Elastic - product: Swiftype + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Embedded Android cves: cve-2021-4104: investigated: false @@ -27578,13 +27917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Embedded Yocto cves: cve-2021-4104: investigated: false @@ -27606,13 +27945,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ellucian - product: Admin + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi EX routers cves: cve-2021-4104: investigated: false @@ -27635,13 +27975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Analytics + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -27664,13 +28004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi LR54 cves: cve-2021-4104: investigated: false @@ -27693,13 +28033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Event Publisher + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -27722,13 +28062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eLearning + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi One family cves: cve-2021-4104: investigated: false @@ -27751,13 +28091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Integration for eProcurement + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -27780,13 +28120,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Self Service + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi PortServer TS family cves: cve-2021-4104: investigated: false @@ -27809,13 +28149,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Banner Workflow + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Remote Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -27838,13 +28207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Colleague + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -27867,13 +28236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + - https://www.digi.com/resources/security + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Colleague Analytics + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -27896,13 +28265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Advance + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -27925,13 +28294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Advise + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -27954,13 +28323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: CRM Recruit + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -27983,13 +28352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Advance Web Connector + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -28012,13 +28381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Data Access + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi Xbee mobile app cves: cve-2021-4104: investigated: false @@ -28041,13 +28410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Design Path + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Lighthouse cves: cve-2021-4104: investigated: false @@ -28070,13 +28439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ellucian Portal + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Realport cves: cve-2021-4104: investigated: false @@ -28099,13 +28468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian ePrint + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Remote Hub Config Utility cves: cve-2021-4104: investigated: false @@ -28128,13 +28497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digi.com/resources/security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + last_updated: '2021-12-21T00:00:00' + - vendor: Digicert + product: '' cves: cve-2021-4104: investigated: false @@ -28157,13 +28526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://knowledge.digicert.com/alerts/digicert-log4j-response.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos Extend + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital AI + product: '' cves: cve-2021-4104: investigated: false @@ -28186,13 +28555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Ethos Integration + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital Alert Systems + product: All cves: cve-2021-4104: investigated: false @@ -28215,13 +28584,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.digitalalertsystems.com/default-2.htm + notes: Formerly Monroe Electronics, Inc. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: DNSFilter + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian eTranscripts + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docker + product: '' cves: cve-2021-4104: investigated: false @@ -28244,13 +28642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Experience + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Docusign + product: '' cves: cve-2021-4104: investigated: false @@ -28273,13 +28671,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DrayTek + product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, + MyVigor Platform cves: cve-2021-4104: investigated: false @@ -28302,13 +28701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + last_updated: '2021-12-15T00:00:00' + - vendor: DSpace + product: '' cves: cve-2021-4104: investigated: false @@ -28331,13 +28730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Message Service (EMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dynatrace + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -28360,13 +28759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Dynatrace Extensions cves: cve-2021-4104: investigated: false @@ -28389,13 +28788,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: FedRamp SAAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Mobile + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Managed cluster nodes cves: cve-2021-4104: investigated: false @@ -28418,13 +28846,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: OneAgent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Payment Gateway + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: SAAS cves: cve-2021-4104: investigated: false @@ -28447,13 +28904,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian PowerCampus + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -28476,13 +28933,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Synthetic public locations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Solution Manager + last_updated: '2021-12-21T00:00:00' + - vendor: EasyRedmine + product: '' cves: cve-2021-4104: investigated: false @@ -28505,13 +28991,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Ellucian Workflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eaton + product: Undisclosed + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Undisclosed + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf + notes: Doesn't openly disclose what products are affected or not for quote 'security + purposes'. Needs email registration. No workaround provided due to registration + wall. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EclecticIQ + product: '' cves: cve-2021-4104: investigated: false @@ -28534,13 +29052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Eclipse Foundation + product: '' cves: cve-2021-4104: investigated: false @@ -28563,13 +29081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + - https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228) notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 148 Temperature Transmitter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Edwards + product: '' cves: cve-2021-4104: investigated: false @@ -28592,13 +29110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.edwards.com/devices/support/product-security notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2051 Pressure Transmitter Family + last_updated: '2022-01-06T00:00:00' + - vendor: EFI + product: '' cves: cve-2021-4104: investigated: false @@ -28621,13 +29139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2088 Pressure Transmitter Family + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EGroupware + product: '' cves: cve-2021-4104: investigated: false @@ -28650,13 +29168,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Elastic + product: APM Java Agent cves: cve-2021-4104: investigated: false @@ -28679,13 +29197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 215 Pressure Sensor Module + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: APM Server cves: cve-2021-4104: investigated: false @@ -28708,13 +29226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 248 Configuration Application + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Beats cves: cve-2021-4104: investigated: false @@ -28737,13 +29255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 248 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Cmd cves: cve-2021-4104: investigated: false @@ -28766,13 +29284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Agent cves: cve-2021-4104: investigated: false @@ -28795,13 +29313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 3144P Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -28824,13 +29342,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 326P Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -28853,13 +29371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 326T Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -28882,13 +29400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 327T Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -28911,13 +29429,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4088 Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Endgame cves: cve-2021-4104: investigated: false @@ -28940,13 +29458,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4088 Upgrade Utility + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elastic Maps Service cves: cve-2021-4104: investigated: false @@ -28969,13 +29487,45 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4600 Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Elasticsearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5' + - '6' + - '8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Endpoint Security cves: cve-2021-4104: investigated: false @@ -28998,13 +29548,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Enterprise Search cves: cve-2021-4104: investigated: false @@ -29027,13 +29577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Fleet Server cves: cve-2021-4104: investigated: false @@ -29056,13 +29606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 550 PT Pressure Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Kibana cves: cve-2021-4104: investigated: false @@ -29085,13 +29635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Logstash cves: cve-2021-4104: investigated: false @@ -29099,8 +29649,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <6.8.21 + - <7.16.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -29114,13 +29666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Machine Learning cves: cve-2021-4104: investigated: false @@ -29143,13 +29695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 644 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: Elastic + product: Swiftype cves: cve-2021-4104: investigated: false @@ -29172,13 +29724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 648 Temperature Transmitter + last_updated: '2021-12-15T00:00:00' + - vendor: ElasticSearch + product: all products cves: cve-2021-4104: investigated: false @@ -29200,14 +29752,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 848T Temperature Transmitter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ellucian + product: Admin cves: cve-2021-4104: investigated: false @@ -29230,13 +29781,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + - vendor: Ellucian + product: Banner Analytics cves: cve-2021-4104: investigated: false @@ -29259,13 +29810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + - vendor: Ellucian + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -29288,13 +29839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + - vendor: Ellucian + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -29317,13 +29868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + - vendor: Ellucian + product: Banner Integration for eLearning cves: cve-2021-4104: investigated: false @@ -29346,13 +29897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + - vendor: Ellucian + product: Banner Integration for eProcurement cves: cve-2021-4104: investigated: false @@ -29375,13 +29926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + - vendor: Ellucian + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -29404,13 +29955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + - vendor: Ellucian + product: Banner Workflow cves: cve-2021-4104: investigated: false @@ -29433,13 +29984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + - vendor: Ellucian + product: Colleague cves: cve-2021-4104: investigated: false @@ -29462,13 +30013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue + notes: On-prem and cloud deployements expect fixed 12/18/2021 references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + - vendor: Ellucian + product: Colleague Analytics cves: cve-2021-4104: investigated: false @@ -29491,13 +30042,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + - vendor: Ellucian + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -29520,13 +30071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 + - vendor: Ellucian + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -29549,13 +30100,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 + - vendor: Ellucian + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -29578,13 +30129,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Emerson Aperio software + - vendor: Ellucian + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -29607,13 +30158,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + - vendor: Ellucian + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -29636,13 +30187,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles + - vendor: Ellucian + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -29665,13 +30216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles + - vendor: Ellucian + product: Ellucian Ellucian Portal cves: cve-2021-4104: investigated: false @@ -29694,14 +30245,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + - vendor: Ellucian + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -29724,13 +30274,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + - vendor: Ellucian + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -29753,13 +30303,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + - vendor: Ellucian + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -29782,13 +30332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + - vendor: Ellucian + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -29811,13 +30361,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + - vendor: Ellucian + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -29840,13 +30390,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + - vendor: Ellucian + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -29869,13 +30419,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + - vendor: Ellucian + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -29898,15 +30448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + - vendor: Ellucian + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -29929,15 +30477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + - vendor: Ellucian + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -29960,13 +30506,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Incus Ultrasonic gas leak detector + - vendor: Ellucian + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -29989,13 +30535,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: K-Series Coriolis Transmitters + - vendor: Ellucian + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -30018,13 +30564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: K-Series Coriolis Transmitters + - vendor: Ellucian + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -30047,13 +30593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + - vendor: Ellucian + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -30076,13 +30622,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Mark III Gas and Liquid USM + - vendor: Ellucian + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -30105,13 +30651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Mark III Gas and Liquid USM + - vendor: Ellucian + product: Ellucian Workflow cves: cve-2021-4104: investigated: false @@ -30134,13 +30680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: MPFM2600 & MPFM5726 + - vendor: Ellucian + product: Enterprise Identity Services(BEIS) cves: cve-2021-4104: investigated: false @@ -30163,13 +30709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30198,7 +30744,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -30227,7 +30773,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -30256,7 +30802,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -30285,7 +30831,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -30314,7 +30860,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -30343,7 +30889,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30372,7 +30918,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -30401,7 +30947,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30430,7 +30976,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2410 Tank Hub + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -30459,7 +31005,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30488,7 +31034,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 3490 Controller + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30517,7 +31063,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/IOU 61 + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -30546,7 +31092,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -30575,7 +31121,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -30604,7 +31150,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -30633,7 +31179,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Detectors (21xx) + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -30662,7 +31208,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -30691,7 +31237,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -30720,7 +31266,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -30749,7 +31295,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30778,7 +31324,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30807,7 +31353,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -30836,7 +31382,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' cves: cve-2021-4104: investigated: false @@ -30865,7 +31411,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -30894,7 +31440,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -30923,7 +31469,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -30952,7 +31498,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -30981,7 +31527,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31010,7 +31556,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -31038,8 +31584,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: EnterpriseDT - product: '' + - vendor: Emerson + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31062,13 +31608,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESET - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31091,13 +31637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESRI - product: ArcGIS Data Store + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -31105,42 +31651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Enterprise - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31152,14 +31666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS GeoEvent Server + - vendor: Emerson + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -31167,42 +31680,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31214,14 +31695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Workflow Manager Server + - vendor: Emerson + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -31229,10 +31709,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31245,14 +31724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: Portal for ArcGIS + - vendor: Emerson + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -31260,10 +31738,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -31276,14 +31753,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Estos - product: '' + - vendor: Emerson + product: Engineering Assistant 5.x & 6.x cves: cve-2021-4104: investigated: false @@ -31306,13 +31782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Evolveum Midpoint - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -31335,13 +31811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ewon - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -31364,13 +31840,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exabeam - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' cves: cve-2021-4104: investigated: false @@ -31393,14 +31870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exabeam.com/s/discussions?t=1639379479381 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exact - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -31423,13 +31899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.exact.com/news/general-statement-apache-leak + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exivity - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -31452,13 +31928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ExtraHop - product: Reveal(x) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -31466,11 +31942,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31484,13 +31957,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 - notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: eXtreme Hosting - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -31513,13 +31986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremehosting.nl/log4shell-log4j/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Extreme Networks - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -31542,13 +32015,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Extron - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -31571,13 +32044,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.extron.com/featured/Security-at-Extron/extron-security + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Elements Connector + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -31600,13 +32075,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Endpoint Proxy + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -31614,9 +32091,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 13-15 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31630,13 +32106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Messaging Security Gateway + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -31659,13 +32135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Policy Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -31673,41 +32149,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 13-15 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F-Secure - product: Policy Manager Proxy - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 13-15 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31719,13 +32164,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.f-secure.com/incidents/sk8vmr0h34pd + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: BIG-IP (all modules) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -31733,11 +32178,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 11.x - 16.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31749,13 +32193,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: BIG-IQ Centralized Management + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: 'Liquid Transmitters: 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -31763,11 +32207,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 7.x-8.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31779,13 +32222,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: F5OS + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -31793,11 +32236,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31809,13 +32251,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX App Protect + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -31823,11 +32265,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31839,13 +32280,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Controller + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -31853,11 +32294,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 3.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31869,13 +32309,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Ingress Controller + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -31883,11 +32323,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x - 2.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31899,13 +32338,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Instance Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -31913,11 +32352,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31929,13 +32367,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Open Source + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -31943,11 +32381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31959,13 +32396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Plus + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -31973,11 +32410,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - R19 - R25 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -31989,13 +32425,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Service Mesh + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -32003,11 +32439,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -32019,13 +32454,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: NGINX Unit + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -32033,11 +32468,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -32049,13 +32483,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: F5 - product: Traffix SDC + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -32063,10 +32497,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -32080,14 +32512,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FAST LTA - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -32110,13 +32541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.fast-lta.de/en/log4j2-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fastly - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32139,81 +32570,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FedEx - product: Ship Manager Software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: - - Unknown - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution - vulnerability affecting various Apache products. We are actively assessing the - situation and taking necessary action as appropriate. As a result, we are temporarily - unable to provide a link to download the FedEx Ship Manager software or generate - product keys needed for registration of FedEx Ship Manager software. We are - working to have this resolved as quickly as possible and apologize for the inconvenience. - For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Fiix - product: Fiix CMMS Core - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - v5 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: FileCap - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -32236,13 +32599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCatalyst - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -32265,13 +32628,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCloud - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -32294,13 +32657,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileWave - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -32323,13 +32686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FINVI - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -32352,13 +32715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://finvi.com/support/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FireDaemon - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -32381,13 +32744,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.firedaemon.com/support/solutions/articles/4000178630 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fisher & Paykel Healthcare - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -32410,13 +32773,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fphcare.com/us/our-company/contact-us/product-security/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Flexagon - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -32439,13 +32802,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Flexera - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -32468,13 +32831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: DLP Manager + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -32497,13 +32860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -32526,13 +32889,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount RadarMaster and RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -32555,14 +32918,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -32585,13 +32947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: One Endpoint + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Rosemount TankMaster and TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -32614,13 +32976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -32643,13 +33005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forescout - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -32672,42 +33034,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ForgeRock - product: Autonomous Identity - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAIOps + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -32730,13 +33063,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -32759,13 +33092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -32788,13 +33121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAP + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -32817,71 +33150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAuthenticator - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiCASB - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiConvertor + last_updated: '2021-12-17T00:00:00' + - vendor: Emerson + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -32904,13 +33179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiDeceptor + last_updated: '2021-12-17T00:00:00' + - vendor: EnterpriseDT + product: '' cves: cve-2021-4104: investigated: false @@ -32933,13 +33208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Agent + - vendor: ESET + product: '' cves: cve-2021-4104: investigated: false @@ -32962,13 +33237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + - vendor: ESRI + product: ArcGIS Data Store cves: cve-2021-4104: investigated: false @@ -32976,9 +33251,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -32991,13 +33267,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGate Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Enterprise cves: cve-2021-4104: investigated: false @@ -33005,9 +33282,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -33020,13 +33298,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS GeoEvent Server cves: cve-2021-4104: investigated: false @@ -33034,9 +33313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -33049,13 +33329,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiMail + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Server cves: cve-2021-4104: investigated: false @@ -33063,9 +33344,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -33078,13 +33360,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Workflow Manager Server cves: cve-2021-4104: investigated: false @@ -33092,9 +33375,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -33107,13 +33391,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager Cloud + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: Portal for ArcGIS cves: cve-2021-4104: investigated: false @@ -33121,9 +33406,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -33136,13 +33422,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + last_updated: '2021-12-17T00:00:00' + - vendor: Estos + product: '' cves: cve-2021-4104: investigated: false @@ -33165,13 +33452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + - vendor: Evolveum Midpoint + product: '' cves: cve-2021-4104: investigated: false @@ -33194,13 +33481,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + - vendor: Ewon + product: All cves: cve-2021-4104: investigated: false @@ -33208,10 +33495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33223,13 +33511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiPhish Cloud + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Exabeam + product: '' cves: cve-2021-4104: investigated: false @@ -33252,13 +33540,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://community.exabeam.com/s/discussions?t=1639379479381 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiPolicy + - vendor: Exact + product: '' cves: cve-2021-4104: investigated: false @@ -33281,13 +33570,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiPortal + - vendor: Exivity + product: '' cves: cve-2021-4104: investigated: false @@ -33310,13 +33599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiRecorder + - vendor: ExtraHop + product: Reveal(x) cves: cve-2021-4104: investigated: false @@ -33324,8 +33613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -33339,13 +33631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSIEM + last_updated: '2021-12-21T00:00:00' + - vendor: eXtreme Hosting + product: '' cves: cve-2021-4104: investigated: false @@ -33368,13 +33660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://extremehosting.nl/log4shell-log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSOAR + - vendor: Extreme Networks + product: '' cves: cve-2021-4104: investigated: false @@ -33397,13 +33689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + - vendor: Extron + product: '' cves: cve-2021-4104: investigated: false @@ -33426,13 +33718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://www.extron.com/featured/Security-at-Extron/extron-security notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + - vendor: F-Secure + product: Elements Connector cves: cve-2021-4104: investigated: false @@ -33455,13 +33747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiToken Cloud + - vendor: F-Secure + product: Endpoint Proxy cves: cve-2021-4104: investigated: false @@ -33469,8 +33761,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 13-15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -33484,13 +33777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://status.f-secure.com/incidents/sk8vmr0h34pd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiVoice + - vendor: F-Secure + product: Messaging Security Gateway cves: cve-2021-4104: investigated: false @@ -33513,13 +33806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiWeb Cloud + - vendor: F-Secure + product: Policy Manager cves: cve-2021-4104: investigated: false @@ -33527,8 +33820,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 13-15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -33542,13 +33836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://status.f-secure.com/incidents/sk8vmr0h34pd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: ShieldX + - vendor: F-Secure + product: Policy Manager Proxy cves: cve-2021-4104: investigated: false @@ -33556,8 +33850,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 13-15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -33571,13 +33866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://status.f-secure.com/incidents/sk8vmr0h34pd notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FTAPI - product: '' + - vendor: F5 + product: BIG-IP (all modules) cves: cve-2021-4104: investigated: false @@ -33585,10 +33880,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 11.x - 16.x cve-2021-45046: investigated: false affected_versions: [] @@ -33600,13 +33896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://support.f5.com/csp/article/K19026212 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fujitsu - product: '' + - vendor: F5 + product: BIG-IQ Centralized Management cves: cve-2021-4104: investigated: false @@ -33614,10 +33910,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 7.x-8.x cve-2021-45046: investigated: false affected_versions: [] @@ -33629,13 +33926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + - https://support.f5.com/csp/article/K19026212 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FusionAuth - product: FusionAuth + - vendor: F5 + product: F5OS cves: cve-2021-4104: investigated: false @@ -33647,7 +33944,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.32' + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -33659,13 +33956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + - https://support.f5.com/csp/article/K19026212 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GE Digital - product: '' + - vendor: F5 + product: NGINX App Protect cves: cve-2021-4104: investigated: false @@ -33673,10 +33970,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -33688,14 +33986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Digital Grid - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Controller cves: cve-2021-4104: investigated: false @@ -33703,10 +34000,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -33718,14 +34016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Asset Performance Management (APM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Ingress Controller cves: cve-2021-4104: investigated: false @@ -33733,10 +34030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -33748,13 +34046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Instance Manager cves: cve-2021-4104: investigated: false @@ -33762,10 +34060,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -33777,14 +34076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Open Source cves: cve-2021-4104: investigated: false @@ -33792,10 +34090,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -33807,14 +34106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Plus cves: cve-2021-4104: investigated: false @@ -33822,10 +34120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -33837,14 +34136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Service Mesh cves: cve-2021-4104: investigated: false @@ -33852,10 +34150,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -33867,13 +34166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: NGINX Unit cves: cve-2021-4104: investigated: false @@ -33881,10 +34180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -33896,14 +34196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. + - https://support.f5.com/csp/article/K19026212 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: F5 + product: Traffix SDC cves: cve-2021-4104: investigated: false @@ -33911,8 +34210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.x (5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -33926,12 +34227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 - notes: '' + - https://support.f5.com/csp/article/K19026212 + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys + - vendor: FAST LTA product: '' cves: cve-2021-4104: @@ -33955,12 +34257,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + - https://blog.fast-lta.de/en/log4j2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer + - vendor: Fastly product: '' cves: cve-2021-4104: @@ -33984,13 +34286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + - https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: FedEx + product: Ship Manager Software cves: cve-2021-4104: investigated: false @@ -33998,10 +34300,48 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: false + affected_versions: + - Unknown + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Fiix + product: Fiix CMMS Core + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -34013,12 +34353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI + last_updated: '2021-12-15T00:00:00' + - vendor: FileCap product: '' cves: cve-2021-4104: @@ -34042,12 +34383,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://mailchi.mp/3f82266e0717/filecap-update-version-511 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra + - vendor: FileCatalyst product: '' cves: cve-2021-4104: @@ -34071,13 +34412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager + - vendor: FileCloud + product: '' cves: cve-2021-4104: investigated: false @@ -34085,9 +34426,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <5.13.01.02 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34101,14 +34441,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileWave + product: '' cves: cve-2021-4104: investigated: false @@ -34116,10 +34455,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -34132,12 +34470,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FINVI product: '' cves: cve-2021-4104: @@ -34161,12 +34499,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://finvi.com/support/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus + - vendor: FireDaemon product: '' cves: cve-2021-4104: @@ -34190,13 +34528,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://kb.firedaemon.com/support/solutions/articles/4000178630 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GoAnywhere - product: Gateway + - vendor: Fisher & Paykel Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -34204,9 +34542,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.8.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34220,13 +34557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://www.fphcare.com/us/our-company/contact-us/product-security/ notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT + last_updated: '2021-12-21T00:00:00' + - vendor: Flexagon + product: '' cves: cve-2021-4104: investigated: false @@ -34234,9 +34571,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 6.8.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34250,13 +34586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT Agents + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Flexera + product: '' cves: cve-2021-4104: investigated: false @@ -34264,9 +34600,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.6.5 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -34280,13 +34615,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoCD - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DLP Manager cves: cve-2021-4104: investigated: false @@ -34309,13 +34644,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Google - product: Chrome + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Forcepoint Cloud Security Gateway (CSG) cves: cve-2021-4104: investigated: false @@ -34323,12 +34658,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -34338,14 +34673,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2022-01-14' - - vendor: Google Cloud - product: Access Transparency + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) cves: cve-2021-4104: investigated: false @@ -34368,14 +34702,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Actifio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service + and Sidewinder cves: cve-2021-4104: investigated: false @@ -34398,16 +34732,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Data Labeling + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: One Endpoint cves: cve-2021-4104: investigated: false @@ -34430,14 +34761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) cves: cve-2021-4104: investigated: false @@ -34460,14 +34790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AI Platform Training and Prediction + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forescout + product: '' cves: cve-2021-4104: investigated: false @@ -34490,14 +34819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ForgeRock + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -34520,17 +34848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Anthos environments to identify components dependent on Log4j 2 and update them - to the latest version. + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: all other ForgeRock products Not vulnerable references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Config Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -34553,14 +34877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -34583,14 +34906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Hub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -34613,14 +34935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Identity Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAP cves: cve-2021-4104: investigated: false @@ -34643,14 +34964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos on VMWare + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -34673,18 +34993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Premium Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -34707,14 +35022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Anthos Service Mesh + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConvertor cves: cve-2021-4104: investigated: false @@ -34737,14 +35051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Apigee + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor cves: cve-2021-4104: investigated: false @@ -34767,19 +35080,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not - used and therefore the VMs were not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. - It is possible that customers may have introduced custom resources that are - using vulnerable versions of Log4j. We strongly encourage customers who manage - Apigee environments to identify components dependent on Log4j and update them - to the latest version. Visit the Apigee Incident Report for more information. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: App Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent cves: cve-2021-4104: investigated: false @@ -34802,17 +35109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - App Engine environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AppSheet + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud cves: cve-2021-4104: investigated: false @@ -34835,17 +35138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At - this time, we have identified no impact to core AppSheet functionality. Additionally, - we have patched one Java-based auxiliary service in our platform. We will continue - to monitor for affected services and patch or remediate as required. If you - have any questions or require assistance, contact AppSheet Support. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Artifact Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud cves: cve-2021-4104: investigated: false @@ -34868,14 +35167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Assured Workloads + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud cves: cve-2021-4104: investigated: false @@ -34898,14 +35196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail cves: cve-2021-4104: investigated: false @@ -34928,14 +35225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Natural Language + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager cves: cve-2021-4104: investigated: false @@ -34958,14 +35254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Tables + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud cves: cve-2021-4104: investigated: false @@ -34988,14 +35283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC cves: cve-2021-4104: investigated: false @@ -35018,14 +35312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Video + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC cves: cve-2021-4104: investigated: false @@ -35048,14 +35341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: AutoML Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) cves: cve-2021-4104: investigated: false @@ -35078,14 +35370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud cves: cve-2021-4104: investigated: false @@ -35108,14 +35399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Data Transfer Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy cves: cve-2021-4104: investigated: false @@ -35138,14 +35428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: BigQuery Omni + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal cves: cve-2021-4104: investigated: false @@ -35168,15 +35457,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use - Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. - We continue to work with AWS and Azure to assess the situation. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Binary Authorization + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder cves: cve-2021-4104: investigated: false @@ -35199,14 +35486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Certificate Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM cves: cve-2021-4104: investigated: false @@ -35229,14 +35515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Chronicle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR cves: cve-2021-4104: investigated: false @@ -35259,14 +35544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Asset Inventory + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwicth Cloud in FortiLANCloud cves: cve-2021-4104: investigated: false @@ -35289,14 +35573,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Bigtable + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager cves: cve-2021-4104: investigated: false @@ -35319,14 +35602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Build + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud cves: cve-2021-4104: investigated: false @@ -35349,17 +35631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Build environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud CDN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice cves: cve-2021-4104: investigated: false @@ -35382,14 +35660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Composer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud cves: cve-2021-4104: investigated: false @@ -35412,19 +35689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and - is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible - that customers may have imported or introduced other dependencies via DAGs, - installed PyPI modules, plugins, or other services that are using vulnerable - versions of Log4j 2. We strongly encourage customers, who manage Composer environments - to identify components dependent on Log4j 2 and update them to the latest version. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Google Cloud - product: Cloud Console App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX cves: cve-2021-4104: investigated: false @@ -35447,14 +35718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Data Loss Prevention + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: '' cves: cve-2021-4104: investigated: false @@ -35477,257 +35747,255 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Debugger + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Deployment Manager + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud DNS + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Endpoints + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud External Key Manager (EKM) + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Functions + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Functions environments to identify components dependent on Log4j 2 and - update them to the latest version. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Hardware Security Module (HSM) + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Version 3 + - Version 4 cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Interconnect + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Version 5 + - Version 6 cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: '' cves: cve-2021-4104: investigated: false @@ -35750,14 +36018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Key Management Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FusionAuth + product: FusionAuth cves: cve-2021-4104: investigated: false @@ -35765,10 +36032,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '1.32' cve-2021-45046: investigated: false affected_versions: [] @@ -35780,14 +36048,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Load Balancing + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GE Digital + product: All cves: cve-2021-4104: investigated: false @@ -35810,14 +36077,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Logging + last_updated: '2021-12-22T00:00:00' + - vendor: GE Digital Grid + product: All cves: cve-2021-4104: investigated: false @@ -35840,14 +36107,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585 + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Natural Language API + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -35855,9 +36122,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35870,14 +36138,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -35885,8 +36154,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35900,14 +36170,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Profiler + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -35915,9 +36185,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35930,14 +36201,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Router + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server cves: cve-2021-4104: investigated: false @@ -35945,8 +36218,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35960,14 +36234,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Run + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet cves: cve-2021-4104: investigated: false @@ -35975,9 +36249,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35990,17 +36265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Run for Anthos + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence cves: cve-2021-4104: investigated: false @@ -36008,9 +36279,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36023,17 +36295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Run for Anthos environments to identify components dependent on Log4j - 2 and update them to the latest version. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Scheduler + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -36041,9 +36309,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36056,14 +36325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud SDK + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service cves: cve-2021-4104: investigated: false @@ -36071,9 +36339,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36086,14 +36355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Shell + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter cves: cve-2021-4104: investigated: false @@ -36101,9 +36369,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36116,17 +36385,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Source Repositories + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -36149,14 +36416,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Spanner + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: All cves: cve-2021-4104: investigated: false @@ -36179,14 +36446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud SQL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Genesys + product: All cves: cve-2021-4104: investigated: false @@ -36209,14 +36475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Cloud Storage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoServer + product: All cves: cve-2021-4104: investigated: false @@ -36239,14 +36504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Tasks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork cves: cve-2021-4104: investigated: false @@ -36254,9 +36518,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: All unaffected_versions: [] cve-2021-45046: investigated: false @@ -36269,14 +36533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Trace + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer cves: cve-2021-4104: investigated: false @@ -36284,10 +36547,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -36299,14 +36563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Traffic Director + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -36329,14 +36592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Cloud Translation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -36359,14 +36621,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect cves: cve-2021-4104: investigated: false @@ -36374,9 +36635,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36389,14 +36651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghidra + product: All cves: cve-2021-4104: investigated: false @@ -36419,14 +36680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Cloud VPN + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander cves: cve-2021-4104: investigated: false @@ -36434,10 +36694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36449,14 +36710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: CompilerWorks + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -36464,9 +36724,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <5.13.01.02 unaffected_versions: [] cve-2021-45046: investigated: false @@ -36479,14 +36740,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Compute Engine + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -36494,9 +36755,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -36509,26 +36771,27 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, - we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes - to Google Cloud VMware Engine as they become available. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Contact Center AI (CCAI) - cves: + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -36541,14 +36804,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Contact Center AI Insights + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All cves: cve-2021-4104: investigated: false @@ -36556,10 +36818,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36571,14 +36834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Container Registry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -36586,10 +36848,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36601,14 +36864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Data Catalog + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning cves: cve-2021-4104: investigated: false @@ -36616,9 +36878,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36631,16 +36894,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. We strongly encourage customers who introduced their own - connectors to identify dependencies on Log4j 2 and update them to the latest - version. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Data Fusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven cves: cve-2021-4104: investigated: false @@ -36648,9 +36908,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36663,17 +36924,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options - to execute pipelines. Dataproc released new images on December 18, 2021 to address - the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow - instructions in a notification sent on December 18, 2021 with the subject line - “Important information about Data Fusion.” + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Database Migration Service (DMS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS cves: cve-2021-4104: investigated: false @@ -36681,9 +36938,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36696,14 +36954,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dataflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST cves: cve-2021-4104: investigated: false @@ -36711,9 +36968,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36726,18 +36984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 - and CVE-2021-45046. If you have changed dependencies or default behavior, it - is strongly recommended you verify there is no dependency on vulnerable versions - Log4j 2. Customers have been provided details and instructions in a notification - sent on December 17, 2021 with the subject line “Update #1 to Important information - about Dataflow.”' + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Google Cloud - product: Dataproc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs cves: cve-2021-4104: investigated: false @@ -36745,9 +36998,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36760,16 +37014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities - in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions - in notifications sent on December 18, 2021 with the subject line “Important - information about Dataproc” with Dataproc documentation. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Dataproc Metastore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: All cves: cve-2021-4104: investigated: false @@ -36792,17 +37043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Dataproc Metastore has been updated to mitigate the issues identified in - CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent - two notifications with instructions on December 17, 2021 with the subject line - “Important information regarding Log4j 2 vulnerability in your gRPC-enabled - Dataproc Metastore.” + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Google Cloud - product: Datastore + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents cves: cve-2021-4104: investigated: false @@ -36810,9 +37057,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36825,14 +37073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Datastream + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway cves: cve-2021-4104: investigated: false @@ -36840,9 +37087,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -36855,14 +37103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Google Cloud - product: Dialogflow Essentials (ES) + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT cves: cve-2021-4104: investigated: false @@ -36870,9 +37117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -36885,14 +37133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Document AI + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -36900,8 +37147,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -36915,14 +37163,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Event Threat Detection + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio cves: cve-2021-4104: investigated: false @@ -36930,9 +37177,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36945,14 +37193,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Eventarc + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 cves: cve-2021-4104: investigated: false @@ -36960,10 +37207,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36975,14 +37223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Filestore + last_updated: '2021-12-18T00:00:00' + - vendor: GoCD + product: All cves: cve-2021-4104: investigated: false @@ -37005,16 +37252,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Log4j 2 is contained within the Filestore service; there is a technical - control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. - Log4j 2 will be updated to the latest version as part of the scheduled rollout - in January 2022. + - https://www.gocd.org/2021/12/14/log4j-vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Google Cloud - product: Firebase + last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome cves: cve-2021-4104: investigated: false @@ -37022,12 +37266,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -37037,14 +37282,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2022-01-14' - vendor: Google Cloud - product: Firestore + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -37052,10 +37297,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37072,9 +37318,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Game Servers + product: Actifio cves: cve-2021-4104: investigated: false @@ -37082,10 +37328,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37098,13 +37345,15 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Cloud Armor + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -37112,10 +37361,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37132,9 +37382,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Cloud Armor Managed Protection Plus + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -37142,10 +37392,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37162,9 +37413,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Cloud VMware Engine + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -37172,10 +37423,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37188,13 +37440,13 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy - fixes as they become available. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-11T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Google Kubernetes Engine + product: Anthos cves: cve-2021-4104: investigated: false @@ -37202,10 +37454,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37218,16 +37471,16 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the - issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have - introduced a separate logging solution that uses Log4j 2. We strongly encourage - customers who manage Google Kubernetes Engine environments to identify components - dependent on Log4j 2 and update them to the latest version. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Anthos environments to identify components dependent on Log4j 2 and update them + to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Healthcare Data Engine (HDE) + product: Anthos Config Management cves: cve-2021-4104: investigated: false @@ -37235,10 +37488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37257,7 +37511,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Human-in-the-Loop AI + product: Anthos Connect cves: cve-2021-4104: investigated: false @@ -37265,10 +37519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37287,7 +37542,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: IoT Core + product: Anthos Hub cves: cve-2021-4104: investigated: false @@ -37295,10 +37550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37317,7 +37573,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Key Access Justifications (KAJ) + product: Anthos Identity Service cves: cve-2021-4104: investigated: false @@ -37325,10 +37581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37347,7 +37604,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Looker + product: Anthos on VMWare cves: cve-2021-4104: investigated: false @@ -37355,10 +37612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37371,20 +37629,17 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. - Looker is currently working with third-party driver vendors to evaluate the - impact of the Log4j vulnerability. As Looker does not enable logging for these - drivers in Looker-hosted instances, no messages are logged. We conclude that - the vulnerability is mitigated. We continue to actively work with the vendors - to deploy a fix for these drivers. Looker customers who self-manage their Looker - instances have received instructions through their technical contacts on how - to take the necessary steps to address the vulnerability. Looker customers who - have questions or require assistance, please visit Looker Support. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' - last_updated: '2021-12-18T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Media Translation API + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -37392,10 +37647,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37414,7 +37670,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Memorystore + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -37422,10 +37678,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37442,9 +37699,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Migrate for Anthos + product: Apigee cves: cve-2021-4104: investigated: false @@ -37452,10 +37709,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37468,13 +37726,18 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not + used and therefore the VMs were not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. + It is possible that customers may have introduced custom resources that are + using vulnerable versions of Log4j. We strongly encourage customers who manage + Apigee environments to identify components dependent on Log4j and update them + to the latest version. Visit the Apigee Incident Report for more information. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Google Cloud - product: Migrate for Compute Engine (M4CE) + product: App Engine cves: cve-2021-4104: investigated: false @@ -37482,10 +37745,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37498,16 +37762,16 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 - and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. - A notification was sent to customers on December 17, 2021 with subject line - “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 - or below. If you are on M4CE v5.0 or above, no action is needed. + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + App Engine environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Network Connectivity Center + product: AppSheet cves: cve-2021-4104: investigated: false @@ -37515,10 +37779,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37531,13 +37796,16 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At + this time, we have identified no impact to core AppSheet functionality. Additionally, + we have patched one Java-based auxiliary service in our platform. We will continue + to monitor for affected services and patch or remediate as required. If you + have any questions or require assistance, contact AppSheet Support. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Network Intelligence Center + product: Artifact Registry cves: cve-2021-4104: investigated: false @@ -37545,10 +37813,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37565,9 +37834,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Network Service Tiers + product: Assured Workloads cves: cve-2021-4104: investigated: false @@ -37575,10 +37844,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37595,9 +37865,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Persistent Disk + product: AutoML cves: cve-2021-4104: investigated: false @@ -37605,10 +37875,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37625,9 +37896,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Pub/Sub + product: AutoML Natural Language cves: cve-2021-4104: investigated: false @@ -37635,10 +37906,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37655,9 +37927,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Pub/Sub Lite + product: AutoML Tables cves: cve-2021-4104: investigated: false @@ -37665,10 +37937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37682,15 +37955,12 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Pub/Sub Lite environments to identify components dependent on Log4j 2 and update - them to the latest version. + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: reCAPTCHA Enterprise + product: AutoML Translation cves: cve-2021-4104: investigated: false @@ -37698,10 +37968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37720,7 +37991,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Recommendations AI + product: AutoML Video cves: cve-2021-4104: investigated: false @@ -37728,10 +37999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37750,7 +38022,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Retail Search + product: AutoML Vision cves: cve-2021-4104: investigated: false @@ -37758,10 +38030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37780,7 +38053,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Risk Manager + product: BigQuery cves: cve-2021-4104: investigated: false @@ -37788,10 +38061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37810,7 +38084,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Secret Manager + product: BigQuery Data Transfer Service cves: cve-2021-4104: investigated: false @@ -37818,10 +38092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37840,7 +38115,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Security Command Center + product: BigQuery Omni cves: cve-2021-4104: investigated: false @@ -37848,10 +38123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37864,13 +38140,14 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use + Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. + We continue to work with AWS and Azure to assess the situation. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Service Directory + product: Binary Authorization cves: cve-2021-4104: investigated: false @@ -37878,10 +38155,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37900,7 +38178,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Service Infrastructure + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -37908,10 +38186,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37930,7 +38209,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Speaker ID + product: Chronicle cves: cve-2021-4104: investigated: false @@ -37938,10 +38217,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37958,9 +38238,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: Speech-to-Text + product: Cloud Asset Inventory cves: cve-2021-4104: investigated: false @@ -37968,10 +38248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37990,7 +38271,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Speech-to-Text On-Prem + product: Cloud Bigtable cves: cve-2021-4104: investigated: false @@ -37998,10 +38279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38018,9 +38300,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Storage Transfer Service + product: Cloud Build cves: cve-2021-4104: investigated: false @@ -38028,10 +38310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38045,12 +38328,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Build environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Talent Solution + product: Cloud CDN cves: cve-2021-4104: investigated: false @@ -38058,10 +38344,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38078,9 +38365,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: Text-to-Speech + product: Cloud Composer cves: cve-2021-4104: investigated: false @@ -38088,10 +38375,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38105,12 +38393,17 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and + is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible + that customers may have imported or introduced other dependencies via DAGs, + installed PyPI modules, plugins, or other services that are using vulnerable + versions of Log4j 2. We strongly encourage customers, who manage Composer environments + to identify components dependent on Log4j 2 and update them to the latest version. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Google Cloud - product: Transcoder API + product: Cloud Console App cves: cve-2021-4104: investigated: false @@ -38118,10 +38411,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38140,7 +38434,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Transfer Appliance + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false @@ -38148,10 +38442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38170,7 +38465,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Video Intelligence API + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -38178,10 +38473,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38200,7 +38496,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Virtual Private Cloud + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -38208,10 +38504,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38228,9 +38525,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Web Security Scanner + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -38238,10 +38535,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38258,9 +38556,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud - product: Workflows + product: Cloud Endpoints cves: cve-2021-4104: investigated: false @@ -38268,10 +38566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38289,8 +38588,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Gradle - product: Gradle + - vendor: Google Cloud + product: Cloud External Key Manager (EKM) cves: cve-2021-4104: investigated: false @@ -38298,10 +38597,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38313,13 +38613,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.gradle.org/log4j-vulnerability - notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Functions cves: cve-2021-4104: investigated: false @@ -38328,10 +38629,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2021.3.6 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38343,13 +38644,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Functions environments to identify components dependent on Log4j 2 and + update them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise Build Cache Node + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Hardware Security Module (HSM) cves: cve-2021-4104: investigated: false @@ -38358,10 +38663,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 10.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38373,13 +38678,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gradle - product: Gradle Enterprise Test Distribution Agent + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -38388,10 +38694,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38403,13 +38709,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.gradle.com/advisory/2021-11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Grafana - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -38417,10 +38724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38432,13 +38740,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Grandstream - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Key Management Service cves: cve-2021-4104: investigated: false @@ -38446,10 +38755,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38461,13 +38771,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Load Balancing cves: cve-2021-4104: investigated: false @@ -38479,7 +38790,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38491,13 +38802,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Access Management + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Logging cves: cve-2021-4104: investigated: false @@ -38509,7 +38821,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38521,13 +38833,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -38539,7 +38852,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38551,13 +38864,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Alert Engine + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false @@ -38569,7 +38883,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38581,13 +38895,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Profiler cves: cve-2021-4104: investigated: false @@ -38599,7 +38914,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38611,13 +38926,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: API Management + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Router cves: cve-2021-4104: investigated: false @@ -38629,7 +38945,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38641,13 +38957,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee - product: Cockpit + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Run cves: cve-2021-4104: investigated: false @@ -38659,7 +38976,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38671,13 +38988,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Run for Anthos cves: cve-2021-4104: investigated: false @@ -38685,10 +39006,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38700,13 +39022,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Run for Anthos environments to identify components dependent on Log4j + 2 and update them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -38714,10 +39040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38729,13 +39056,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Graylog - product: Graylog Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -38744,10 +39072,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38759,13 +39087,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GreenShot - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -38773,10 +39102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38788,13 +39118,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://greenshot.atlassian.net/browse/BUG-2871 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GSA - product: Cloud.gov + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false @@ -38802,10 +39136,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38817,13 +39152,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Guidewire - product: '' + - vendor: Google Cloud + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -38831,10 +39167,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38846,13 +39183,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HAProxy - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -38860,10 +39198,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38875,13 +39214,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HarmanPro AMX - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Cloud Storage cves: cve-2021-4104: investigated: false @@ -38889,10 +39229,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38904,13 +39245,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.harmanpro.com/apache-log4j-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Boundary + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Tasks cves: cve-2021-4104: investigated: false @@ -38918,10 +39260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38933,13 +39276,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Consul + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Trace cves: cve-2021-4104: investigated: false @@ -38947,11 +39291,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] @@ -38962,13 +39307,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Consul Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Traffic Director cves: cve-2021-4104: investigated: false @@ -38976,10 +39322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38991,13 +39338,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Nomad + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Cloud Translation cves: cve-2021-4104: investigated: false @@ -39005,10 +39353,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39020,13 +39369,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Nomad Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -39034,10 +39384,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39049,13 +39400,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Packer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -39063,10 +39415,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39078,13 +39431,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Terraform + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -39092,10 +39446,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39107,13 +39462,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Terraform Enterprise + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: CompilerWorks cves: cve-2021-4104: investigated: false @@ -39121,10 +39477,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39136,13 +39493,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vagrant + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Compute Engine cves: cve-2021-4104: investigated: false @@ -39150,10 +39508,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39165,13 +39524,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, + we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes + to Google Cloud VMware Engine as they become available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vault + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Contact Center AI (CCAI) cves: cve-2021-4104: investigated: false @@ -39179,10 +39541,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39194,13 +39557,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Vault Enterprise + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Contact Center AI Insights cves: cve-2021-4104: investigated: false @@ -39208,10 +39572,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39223,13 +39588,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HashiCorp - product: Waypoint + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Container Registry cves: cve-2021-4104: investigated: false @@ -39237,10 +39603,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39252,13 +39619,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HCL Software - product: BigFix Compliance + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Data Catalog cves: cve-2021-4104: investigated: false @@ -39270,7 +39638,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39282,13 +39650,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. We strongly encourage customers who introduced their own + connectors to identify dependencies on Log4j 2 and update them to the latest + version. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Data Fusion cves: cve-2021-4104: investigated: false @@ -39300,7 +39671,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39312,13 +39683,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options + to execute pipelines. Dataproc released new images on December 18, 2021 to address + the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow + instructions in a notification sent on December 18, 2021 with the subject line + “Important information about Data Fusion.” references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Insights for Vulnerability Remediation + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Database Migration Service (DMS) cves: cve-2021-4104: investigated: false @@ -39330,7 +39705,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39342,13 +39717,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Inventory + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dataflow cves: cve-2021-4104: investigated: false @@ -39358,9 +39734,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 10.0.7 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39372,13 +39748,18 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 + and CVE-2021-45046. If you have changed dependencies or default behavior, it + is strongly recommended you verify there is no dependency on vulnerable versions + Log4j 2. Customers have been provided details and instructions in a notification + sent on December 17, 2021 with the subject line “Update #1 to Important information + about Dataflow.”' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Lifecycle + last_updated: '2021-12-17T00:00:00' + - vendor: Google Cloud + product: Dataproc cves: cve-2021-4104: investigated: false @@ -39390,7 +39771,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39402,13 +39783,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities + in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions + in notifications sent on December 18, 2021 with the subject line “Important + information about Dataproc” with Dataproc documentation. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Mobile + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Dataproc Metastore cves: cve-2021-4104: investigated: false @@ -39420,7 +39804,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39432,13 +39816,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Dataproc Metastore has been updated to mitigate the issues identified in + CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent + two notifications with instructions on December 17, 2021 with the subject line + “Important information regarding Log4j 2 vulnerability in your gRPC-enabled + Dataproc Metastore.” references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HCL Software - product: BigFix Patch + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Datastore cves: cve-2021-4104: investigated: false @@ -39450,7 +39838,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39462,13 +39850,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 - notes: Not Affected for related CVE-2021-45046 + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: HelpSystems Clearswift - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Datastream cves: cve-2021-4104: investigated: false @@ -39476,10 +39865,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39491,13 +39881,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HENIX - product: Squash TM + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Dialogflow Essentials (ES) cves: cve-2021-4104: investigated: false @@ -39507,11 +39898,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 1.21.7-1.22.9 - - 2.0.3-2.1.5 - - 2.2.0-3.0.2 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39523,13 +39912,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Hexagon - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Document AI cves: cve-2021-4104: investigated: false @@ -39537,10 +39927,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39552,13 +39943,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hikvision - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Event Threat Detection cves: cve-2021-4104: investigated: false @@ -39566,10 +39958,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39581,13 +39974,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hitachi Energy - product: 3rd party - Elastic Search, Kibana + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Eventarc cves: cve-2021-4104: investigated: false @@ -39597,9 +39991,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Elasticsearch 5.0.0+ - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39611,14 +40005,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node - of the cluster. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Filestore cves: cve-2021-4104: investigated: false @@ -39628,11 +40022,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '12.1' - - '12.2' - - 19c - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39644,15 +40036,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + - https://cloud.google.com/log4j2-security-advisory + notes: Log4j 2 is contained within the Filestore service; there is a technical + control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. + Log4j 2 will be updated to the latest version as part of the scheduled rollout + in January 2022. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Axis + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firebase cves: cve-2021-4104: investigated: false @@ -39662,9 +40055,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '3.6' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39676,14 +40069,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. Axis is a fully SaaS hosted solution - and the environment has been patched per the recommendations + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Counterparty Settlement and Billing (CSB) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Firestore cves: cve-2021-4104: investigated: false @@ -39693,9 +40086,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39707,13 +40100,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: e-Mesh Monitor + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Game Servers cves: cve-2021-4104: investigated: false @@ -39721,10 +40115,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39736,16 +40131,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud - offering side of which the remediation is handled by Hitachi Energy team. Remediation - is currently ongoing, and during this time period, e-Mesh Monitor edge device - is not able to upload data to cloud. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: eSOMS + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor cves: cve-2021-4104: investigated: false @@ -39753,10 +40146,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39768,13 +40162,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud Armor Managed Protection Plus cves: cve-2021-4104: investigated: false @@ -39784,12 +40179,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39801,16 +40193,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For - details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi - Energy Customer Connect Portal. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: FOXMAN-UN + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Google Cloud VMware Engine cves: cve-2021-4104: investigated: false @@ -39820,9 +40210,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R11A and R10 series - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39834,14 +40224,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://cloud.google.com/log4j2-security-advisory + notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy + fixes as they become available. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM On-premises + last_updated: '2021-12-11T00:00:00' + - vendor: Google Cloud + product: Google Kubernetes Engine cves: cve-2021-4104: investigated: false @@ -39849,10 +40239,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39864,13 +40255,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. - references: + - https://cloud.google.com/log4j2-security-advisory + notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the + issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have + introduced a separate logging solution that uses Log4j 2. We strongly encourage + customers who manage Google Kubernetes Engine environments to identify components + dependent on Log4j 2 and update them to the latest version. + references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada APM SaaS offering + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Healthcare Data Engine (HDE) cves: cve-2021-4104: investigated: false @@ -39878,10 +40273,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39893,14 +40289,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Lumada EAM / FSM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Human-in-the-Loop AI cves: cve-2021-4104: investigated: false @@ -39910,11 +40306,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v1.7.x - - v1.8.x - - v1.9.x - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39926,13 +40320,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See Section Mitigation Strategy in vendor advisory. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: MMS Internal facing subcomponent. + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: IoT Core cves: cve-2021-4104: investigated: false @@ -39940,10 +40335,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39955,13 +40351,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager ADMS Network Model Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Key Access Justifications (KAJ) cves: cve-2021-4104: investigated: false @@ -39971,9 +40368,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 9.1.0.32-9.1.0.44 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39985,13 +40382,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Looker cves: cve-2021-4104: investigated: false @@ -40001,11 +40399,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 9.0-9.10.44 - - 9.1.1 - - 10.3.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40017,13 +40413,21 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. + - https://cloud.google.com/log4j2-security-advisory + notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + Looker is currently working with third-party driver vendors to evaluate the + impact of the Log4j vulnerability. As Looker does not enable logging for these + drivers in Looker-hosted instances, no messages are logged. We conclude that + the vulnerability is mitigated. We continue to actively work with the vendors + to deploy a fix for these drivers. Looker customers who self-manage their Looker + instances have received instructions through their technical contacts on how + to take the necessary steps to address the vulnerability. Looker customers who + have questions or require assistance, please visit Looker Support. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: nMarket Global I-SEM + last_updated: '2021-12-18T00:00:00' + - vendor: Google Cloud + product: Media Translation API cves: cve-2021-4104: investigated: false @@ -40033,10 +40437,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 3.7.15 - - 3.7.16 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40048,13 +40451,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: RelCare + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Memorystore cves: cve-2021-4104: investigated: false @@ -40064,9 +40468,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2.0.0 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40078,14 +40482,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The RelCare SaaS hosted solution and - the on-premises have been patched per the recommendations. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Migrate for Anthos cves: cve-2021-4104: investigated: false @@ -40095,12 +40499,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40112,16 +40513,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details - on how to apply such patch, please refer to the technical bulletin “UNEM - Installation - of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer - Connect Portal. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: UNEM + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Migrate for Compute Engine (M4CE) cves: cve-2021-4104: investigated: false @@ -40131,9 +40530,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - R11A and R10 series - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40145,14 +40544,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: Apply General Mitigations and upgrade to latest version. For upgrades, - please get in touch with your Hitachi Energy contacts. + - https://cloud.google.com/log4j2-security-advisory + notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228 + and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. + A notification was sent to customers on December 17, 2021 with subject line + “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 + or below. If you are on M4CE v5.0 or above, no action is needed. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Vantara - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Google Cloud + product: Network Connectivity Center cves: cve-2021-4104: investigated: false @@ -40160,10 +40562,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40175,13 +40578,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Intelligence Center cves: cve-2021-4104: investigated: false @@ -40189,10 +40593,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40204,13 +40609,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Network Service Tiers cves: cve-2021-4104: investigated: false @@ -40218,10 +40624,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40233,13 +40640,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: eCatcher Windows software + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Persistent Disk cves: cve-2021-4104: investigated: false @@ -40247,10 +40655,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40262,13 +40671,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Pub/Sub cves: cve-2021-4104: investigated: false @@ -40276,10 +40686,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40291,13 +40702,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: Pub/Sub Lite cves: cve-2021-4104: investigated: false @@ -40305,10 +40717,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40320,13 +40733,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Pub/Sub Lite environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + last_updated: '2021-12-16T00:00:00' + - vendor: Google Cloud + product: reCAPTCHA Enterprise cves: cve-2021-4104: investigated: false @@ -40334,10 +40751,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40349,15 +40767,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Recommendations AI cves: cve-2021-4104: investigated: false @@ -40365,10 +40782,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40380,13 +40798,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Retail Search cves: cve-2021-4104: investigated: false @@ -40394,10 +40813,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40409,13 +40829,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Risk Manager cves: cve-2021-4104: investigated: false @@ -40423,10 +40844,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40438,13 +40860,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Secret Manager cves: cve-2021-4104: investigated: false @@ -40452,10 +40875,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40467,13 +40891,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Security Command Center cves: cve-2021-4104: investigated: false @@ -40481,10 +40906,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40496,13 +40922,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Directory cves: cve-2021-4104: investigated: false @@ -40510,10 +40937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40525,16 +40953,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Service Infrastructure cves: cve-2021-4104: investigated: false @@ -40542,10 +40968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40557,13 +40984,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speaker ID cves: cve-2021-4104: investigated: false @@ -40571,10 +40999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40586,13 +41015,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text cves: cve-2021-4104: investigated: false @@ -40600,10 +41030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40615,13 +41046,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Speech-to-Text On-Prem cves: cve-2021-4104: investigated: false @@ -40629,10 +41061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40644,13 +41077,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Storage Transfer Service cves: cve-2021-4104: investigated: false @@ -40658,10 +41092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40673,13 +41108,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + - vendor: Google Cloud + product: Talent Solution cves: cve-2021-4104: investigated: false @@ -40687,10 +41123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40702,13 +41139,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Text-to-Speech cves: cve-2021-4104: investigated: false @@ -40716,10 +41154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40731,24 +41170,26 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System - cves: + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transcoder API + cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40760,13 +41201,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Transfer Appliance cves: cve-2021-4104: investigated: false @@ -40774,10 +41216,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40789,15 +41232,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Video Intelligence API cves: cve-2021-4104: investigated: false @@ -40805,10 +41247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40820,13 +41263,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Honeywell - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Virtual Private Cloud cves: cve-2021-4104: investigated: false @@ -40834,10 +41278,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40849,13 +41294,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-20T00:00:00' + - vendor: Google Cloud + product: Web Security Scanner cves: cve-2021-4104: investigated: false @@ -40865,9 +41311,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < v113 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40879,13 +41325,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-21T00:00:00' + - vendor: Google Cloud + product: Workflows cves: cve-2021-4104: investigated: false @@ -40895,9 +41342,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.0.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40909,13 +41356,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://cloud.google.com/log4j2-security-advisory + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2021-12-21T00:00:00' + - vendor: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -40925,9 +41373,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 21.10.3 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40939,13 +41387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' + - https://blog.gradle.org/log4j-vulnerability + notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise cves: cve-2021-4104: investigated: false @@ -40956,8 +41404,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.03.6 - - < 20.07.4 + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40970,13 +41417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://security.gradle.com/advisory/2021-11 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Build Cache Node cves: cve-2021-4104: investigated: false @@ -40984,9 +41431,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40999,13 +41447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://security.gradle.com/advisory/2021-11 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gradle + product: Gradle Enterprise Test Distribution Agent cves: cve-2021-4104: investigated: false @@ -41013,9 +41461,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -41028,13 +41477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://security.gradle.com/advisory/2021-11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grafana + product: All cves: cve-2021-4104: investigated: false @@ -41042,10 +41491,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41057,13 +41507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Grandstream + product: All cves: cve-2021-4104: investigated: false @@ -41086,13 +41536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -41100,10 +41550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -41115,13 +41566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -41129,10 +41580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -41144,13 +41596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -41158,10 +41610,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -41173,13 +41626,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -41187,10 +41640,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -41202,13 +41656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management cves: cve-2021-4104: investigated: false @@ -41216,10 +41670,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -41231,13 +41686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: API Management cves: cve-2021-4104: investigated: false @@ -41245,10 +41700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -41260,13 +41716,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravitee + product: Cockpit cves: cve-2021-4104: investigated: false @@ -41274,10 +41730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -41289,13 +41746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -41303,10 +41760,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41318,13 +41776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -41332,9 +41790,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -41347,13 +41809,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Graylog + product: Graylog Server cves: cve-2021-4104: investigated: false @@ -41361,9 +41825,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions >= 1.2.0 and <= 4.2.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -41376,13 +41841,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GreenShot + product: All cves: cve-2021-4104: investigated: false @@ -41390,10 +41855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41405,13 +41871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://greenshot.atlassian.net/browse/BUG-2871 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GSA + product: Cloud.gov cves: cve-2021-4104: investigated: false @@ -41434,13 +41900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://cloud.gov/2021/12/14/log4j-buildpack-updates/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All cves: cve-2021-4104: investigated: false @@ -41448,9 +41914,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.1.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -41463,13 +41930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Guidewire + product: All cves: cve-2021-4104: investigated: false @@ -41492,13 +41959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HAProxy + product: '' cves: cve-2021-4104: investigated: false @@ -41521,13 +41988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.haproxy.com/blog/december-2021-log4shell-mitigation/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: BladeSystem Onboard Administrator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HarmanPro AMX + product: '' cves: cve-2021-4104: investigated: false @@ -41550,13 +42017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://help.harmanpro.com/apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Boundary cves: cve-2021-4104: investigated: false @@ -41579,13 +42046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul cves: cve-2021-4104: investigated: false @@ -41608,13 +42075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Consul Enterprise cves: cve-2021-4104: investigated: false @@ -41637,13 +42104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Brocade Network Advisor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad cves: cve-2021-4104: investigated: false @@ -41666,13 +42133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudAuth + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Nomad Enterprise cves: cve-2021-4104: investigated: false @@ -41695,13 +42162,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: CloudPhysics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Packer cves: cve-2021-4104: investigated: false @@ -41724,13 +42191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute Cloud Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform cves: cve-2021-4104: investigated: false @@ -41753,13 +42220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Terraform Enterprise cves: cve-2021-4104: investigated: false @@ -41782,13 +42249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: COS (Cray Operating System) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vagrant cves: cve-2021-4104: investigated: false @@ -41811,13 +42278,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Cray Systems Management (CSM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault cves: cve-2021-4104: investigated: false @@ -41840,13 +42307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Vault Enterprise cves: cve-2021-4104: investigated: false @@ -41869,13 +42336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Data Services Cloud Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HashiCorp + product: Waypoint cves: cve-2021-4104: investigated: false @@ -41898,13 +42365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Harmony Data Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HCL Software + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -41912,10 +42379,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -41927,13 +42395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights cves: cve-2021-4104: investigated: false @@ -41941,10 +42409,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -41956,13 +42425,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Insights for Vulnerability Remediation cves: cve-2021-4104: investigated: false @@ -41970,10 +42439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -41985,13 +42455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -41999,9 +42469,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42014,13 +42485,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Lifecycle cves: cve-2021-4104: investigated: false @@ -42028,10 +42499,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -42043,13 +42515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Mobile cves: cve-2021-4104: investigated: false @@ -42057,10 +42529,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -42072,13 +42545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + last_updated: '2021-12-15T00:00:00' + - vendor: HCL Software + product: BigFix Patch cves: cve-2021-4104: investigated: false @@ -42086,10 +42559,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -42101,13 +42575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486 + notes: Not Affected for related CVE-2021-45046 references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + last_updated: '2021-12-15T00:00:00' + - vendor: HelpSystems Clearswift + product: '' cves: cve-2021-4104: investigated: false @@ -42130,13 +42604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HENIX + product: Squash TM cves: cve-2021-4104: investigated: false @@ -42144,9 +42618,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42159,13 +42636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + last_updated: '2021-12-23T00:00:00' + - vendor: Hexagon + product: '' cves: cve-2021-4104: investigated: false @@ -42188,13 +42665,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hikvision + product: '' cves: cve-2021-4104: investigated: false @@ -42217,13 +42694,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: 3rd party - Elastic Search, Kibana cves: cve-2021-4104: investigated: false @@ -42231,9 +42708,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -42246,13 +42724,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node + of the cluster. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Infosight for Servers + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components cves: cve-2021-4104: investigated: false @@ -42260,9 +42739,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c unaffected_versions: [] cve-2021-45046: investigated: false @@ -42275,13 +42757,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Axis cves: cve-2021-4104: investigated: false @@ -42289,9 +42773,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -42304,13 +42789,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. Axis is a fully SaaS hosted solution + and the environment has been patched per the recommendations references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Messaging (IM) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Counterparty Settlement and Billing (CSB) cves: cve-2021-4104: investigated: false @@ -42318,9 +42804,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42333,13 +42820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Intelligent Network Server (INS) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: e-Mesh Monitor cves: cve-2021-4104: investigated: false @@ -42362,13 +42849,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No end-user action needed. The affected e-Mesh Monitor part is at the cloud + offering side of which the remediation is handled by Hitachi Energy team. Remediation + is currently ongoing, and during this time period, e-Mesh Monitor edge device + is not able to upload data to cloud. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: eSOMS cves: cve-2021-4104: investigated: false @@ -42391,13 +42881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN cves: cve-2021-4104: investigated: false @@ -42405,9 +42895,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42420,13 +42914,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For + details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN + - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi + Energy Customer Connect Portal. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: FOXMAN-UN cves: cve-2021-4104: investigated: false @@ -42434,9 +42931,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -42449,13 +42947,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false @@ -42478,13 +42977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions for various versions. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Service Controller (OCSC) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -42507,13 +43006,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Lumada EAM / FSM cves: cve-2021-4104: investigated: false @@ -42521,9 +43021,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -42536,13 +43039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See Section Mitigation Strategy in vendor advisory. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE OneView + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: MMS Internal facing subcomponent. cves: cve-2021-4104: investigated: false @@ -42565,13 +43068,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager ADMS Network Model Server cves: cve-2021-4104: investigated: false @@ -42579,9 +43082,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42594,13 +43098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE OneView Global Dashboard + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -42608,9 +43112,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42623,13 +43130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: See vendor advisory for instructions on mitigation steps. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: nMarket Global I-SEM cves: cve-2021-4104: investigated: false @@ -42637,9 +43144,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42652,13 +43161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Performance Manager (PM) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: RelCare cves: cve-2021-4104: investigated: false @@ -42666,9 +43175,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42681,13 +43191,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: No action is required by customers. The RelCare SaaS hosted solution and + the on-premises have been patched per the recommendations. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Position Determination Entity (PDE) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM cves: cve-2021-4104: investigated: false @@ -42695,9 +43206,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -42710,13 +43225,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. For details + on how to apply such patch, please refer to the technical bulletin “UNEM - Installation + of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer + Connect Portal. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Secure Identity Broker (SIB) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: UNEM cves: cve-2021-4104: investigated: false @@ -42724,9 +43242,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -42739,13 +43258,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: Apply General Mitigations and upgrade to latest version. For upgrades, + please get in touch with your Hitachi Energy contacts. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Activator (SA) + last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Vantara + product: '' cves: cve-2021-4104: investigated: false @@ -42768,13 +43288,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Governance Framework (SGF) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HMS Industrial Networks AB + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -42797,13 +43317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -42826,13 +43346,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Service Provisioner (SP) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: eCatcher Windows software cves: cve-2021-4104: investigated: false @@ -42855,13 +43375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false @@ -42884,13 +43404,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Slingshot + last_updated: '2022-01-05T00:00:00' + - vendor: HMS Industrial Networks AB + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -42913,13 +43433,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Smart Interaction Server (SIS) + last_updated: '2022-01-05T00:00:00' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -42942,13 +43462,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -42971,13 +43493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -43000,13 +43522,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -43029,13 +43551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -43058,13 +43580,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -43087,13 +43609,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -43116,13 +43638,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -43145,13 +43670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false @@ -43174,13 +43699,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Subscription Manager (SM) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -43203,13 +43728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Synergy Image Streamer + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -43232,13 +43757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Systems Insight Manager (SIM) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false @@ -43261,13 +43786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Telecom Application Server (TAS) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -43290,13 +43815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -43319,13 +43844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -43348,13 +43873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified OSS Console (UOC) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -43377,13 +43902,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Unified Topology Manager (UTM) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -43406,13 +43933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Universal Identity Repository (VIR) + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' cves: cve-2021-4104: investigated: false @@ -43435,13 +43962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -43449,9 +43976,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43464,13 +43992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Virtual Connect + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -43478,9 +44006,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43493,13 +44022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -43507,9 +44036,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.10.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43522,13 +44052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager cves: cve-2021-4104: investigated: false @@ -43536,9 +44066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -43551,13 +44083,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: HPE - product: HPE Virtual Server Environment (VSE) + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HPE + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -43586,7 +44147,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -43613,9 +44174,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -43642,9 +44203,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -43673,7 +44234,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Insight Cluster Management Utility (CMU) + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -43702,7 +44263,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -43731,7 +44292,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -43739,11 +44300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -43761,7 +44321,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -43769,11 +44329,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -43791,7 +44350,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -43820,7 +44379,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity Rx2800/Rx2900 + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -43849,7 +44408,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity Superdome 2 + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -43878,7 +44437,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrity Superdome X + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -43907,7 +44466,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Intelligent Provisioning + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -43936,7 +44495,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: iSUT integrated smart update tool + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -43965,7 +44524,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Maven Artifacts (Atlas) + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -43994,7 +44553,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: MSA + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -44023,7 +44582,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NetEdit + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -44052,7 +44611,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Nimble Storage + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -44081,7 +44640,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -44110,7 +44669,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -44139,7 +44698,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: OfficeConnect + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -44168,7 +44727,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Primera Storage + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -44197,7 +44756,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -44226,7 +44785,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -44234,7 +44793,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -44255,7 +44814,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RESTful Interface Tool (iLOREST) + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -44284,7 +44843,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SAT (System Admin Toolkit) + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -44313,7 +44872,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -44342,7 +44901,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI MC990 X Server + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -44371,7 +44930,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 2000 Server + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -44400,7 +44959,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -44429,7 +44988,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 3000 Server + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -44458,7 +45017,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SN8700B 8-Slot Director Switch + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -44487,7 +45046,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEasy + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -44516,7 +45075,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver CVTL + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -44545,7 +45104,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver LTO Tape Drives + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -44574,7 +45133,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver MSL Tape Libraries + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -44603,7 +45162,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreOnce + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -44632,7 +45191,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SUM (Smart Update Manager) + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -44661,7 +45220,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex 280 + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -44690,7 +45249,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex Server + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -44719,7 +45278,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: UAN (User Access Node) + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -44746,9 +45305,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -44756,10 +45315,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '9.09' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -44772,13 +45330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-17T00:00:00' - - vendor: Huawei - product: '' + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -44801,13 +45359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Hubspot - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -44830,13 +45388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: I-Net software - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -44859,13 +45417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: I2P - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -44888,13 +45446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBA-AG - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false @@ -44917,13 +45475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.iba-ag.com/en/security - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ibexa - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -44946,13 +45504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Analytics Engine + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -44975,13 +45533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Configuration + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) cves: cve-2021-4104: investigated: false @@ -45004,13 +45562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App Connect + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Access Controller (OC SAC) cves: cve-2021-4104: investigated: false @@ -45033,13 +45591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: App ID + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Service Controller (OCSC) cves: cve-2021-4104: investigated: false @@ -45062,13 +45620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Application Gateway + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OC Universal Signaling Platform (OC-USP-M) cves: cve-2021-4104: investigated: false @@ -45091,13 +45649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -45120,13 +45678,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Endpoint + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -45149,13 +45707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera Enterprise + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -45178,13 +45736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Aspera fasp.io + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -45207,13 +45765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Bare Metal Servers + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -45236,13 +45794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: BigFix Compliance + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -45264,44 +45822,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: BigFix Inventory - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IBM - product: Block Storage + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false @@ -45324,13 +45852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage for VPC + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -45353,13 +45881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Block Storage Snapshots for VPC + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -45382,13 +45910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Case Manager + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -45411,13 +45939,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Certificate Manager + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -45440,13 +45968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Client VPN for VPC + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -45469,13 +45997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Activity Tracker + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -45498,13 +46026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Backup + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false @@ -45527,13 +46055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Monitoring + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -45556,13 +46084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -45585,13 +46113,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloud Object Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -45614,13 +46142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cloudant + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -45643,13 +46171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Code Engine + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -45672,13 +46200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Command Center + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -45701,13 +46229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Controller + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -45715,9 +46243,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.4.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -45731,13 +46258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6526468> - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Cognos Integration Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -45760,13 +46287,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose Enterprise + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -45789,13 +46316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Elasticsearch + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -45818,13 +46345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -45847,13 +46374,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false @@ -45876,13 +46403,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for MySQL + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -45905,13 +46432,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for PostgreSQL + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -45934,13 +46461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RabbitMQ + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -45963,13 +46490,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for Redis + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -45992,13 +46519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for RethinkDB + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false @@ -46021,13 +46548,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Compose for ScyllaDB + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -46050,13 +46577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Registry + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -46079,13 +46606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Container Security Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -46108,13 +46635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Content Delivery Network + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -46137,13 +46664,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Continuous Delivery + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -46166,13 +46693,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Copy Services Manager + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -46195,13 +46722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for DataStax + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false @@ -46224,13 +46751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for EDB + last_updated: '2021-12-14T00:00:00' + - vendor: HPE + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -46253,13 +46780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Elasticsearch + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -46282,13 +46809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for etcd + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -46311,13 +46838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -46325,10 +46852,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -46340,13 +46868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for PostgreSQL + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -46354,10 +46882,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] @@ -46369,13 +46898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Databases for Redis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -46398,13 +46927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Datapower Gateway + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -46427,13 +46956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Dedicated Host for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -46456,13 +46985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -46485,13 +47014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Connect on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -46514,13 +47043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated (2.0) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -46543,13 +47072,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated Hosting on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -46572,13 +47101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Dedicated on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: MSA cves: cve-2021-4104: investigated: false @@ -46601,13 +47130,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Direct Link Exchange on Classic + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NetEdit cves: cve-2021-4104: investigated: false @@ -46630,13 +47159,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: DNS Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Nimble Storage cves: cve-2021-4104: investigated: false @@ -46659,13 +47188,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Contract Management + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -46688,13 +47217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Program Management + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -46717,13 +47246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Sourcing + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -46746,13 +47275,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Spend Analysis + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -46775,13 +47304,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Emptoris Supplier Lifecycle Management + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -46804,13 +47333,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Enterprise Tape Controller Model C07 (3592) (ETC) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Resource Aggregator for Open Distributed Infrastructure Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -46833,13 +47391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Notifications + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -46862,13 +47420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Event Streams + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false @@ -46891,13 +47449,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: File Storage + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -46920,13 +47478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flash System 900 (& 840) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false @@ -46949,13 +47507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Flow Logs for VPC + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -46978,13 +47536,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Functions + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -47007,13 +47565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: GSKit + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -47036,13 +47594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for Data Sets on z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -47065,13 +47623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for DB2 on z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -47094,13 +47652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Guardium S-TAP for IMS on z/OS + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false @@ -47123,13 +47681,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Crypto Services + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -47152,13 +47710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect DBaaS for MongoDB + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -47181,13 +47739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect DBaaS for PostgreSQL + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false @@ -47210,13 +47768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: Hyper Protect Virtual Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -47239,13 +47797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: i2 Analyst’s Notebook + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -47268,13 +47826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: i2 Base + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false @@ -47297,13 +47855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Application Runtime Expert for i + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -47311,9 +47869,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -47326,13 +47885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Backup, Recovery and Media Services for i + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' + - vendor: Huawei + product: '' cves: cve-2021-4104: investigated: false @@ -47355,13 +47914,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM Db2 Mirror for i + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Hubspot + product: '' cves: cve-2021-4104: investigated: false @@ -47384,13 +47943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM HTTP Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I-Net software + product: '' cves: cve-2021-4104: investigated: false @@ -47413,13 +47972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM i Access Family + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: I2P + product: '' cves: cve-2021-4104: investigated: false @@ -47442,13 +48001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://geti2p.net/en/blog/post/2021/12/11/i2p-unaffected-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM i Portfolio of products under the Group SWMA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBA-AG + product: '' cves: cve-2021-4104: investigated: false @@ -47471,13 +48030,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://www.iba-ag.com/en/security notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: IBM - product: IBM PowerHA System Mirror for i + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ibexa + product: '' cves: cve-2021-4104: investigated: false @@ -47500,13 +48059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + - https://developers.ibexa.co/security-advisories/cve-2021-44228-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: IBM Sterling Connect:Direct Browser User Interface + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -47535,7 +48094,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct File Agent + product: App Configuration cves: cve-2021-4104: investigated: false @@ -47543,9 +48102,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Vendor Links + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -47559,15 +48117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), - [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), - [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' - last_updated: '2021-12-20T00:00:00' + - '' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct for HP NonStop + product: App Connect cves: cve-2021-4104: investigated: false @@ -47596,7 +48152,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct for i5/OS + product: App ID cves: cve-2021-4104: investigated: false @@ -47625,7 +48181,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Direct for OpenVMS + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -47654,7 +48210,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Express for Microsoft Windows + product: Aspera cves: cve-2021-4104: investigated: false @@ -47683,7 +48239,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Express for UNIX + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -47712,7 +48268,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: IBM Sterling Connect:Express for z/OS + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -47741,7 +48297,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Instana Agent + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -47749,9 +48305,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Timestamp lower than 12-11-2021 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -47765,13 +48320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Internet Services + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -47800,7 +48355,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Key Lifecycle Manager for z/OS + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -47822,14 +48377,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Key Protect + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -47837,8 +48391,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -47851,14 +48406,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM - product: Knowledge Studio + product: Block Storage cves: cve-2021-4104: investigated: false @@ -47887,7 +48443,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Kubernetes Service + product: Block Storage for VPC cves: cve-2021-4104: investigated: false @@ -47916,7 +48472,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Load Balancer for VPC + product: Block Storage Snapshots for VPC cves: cve-2021-4104: investigated: false @@ -47945,7 +48501,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Log Analysis + product: Case Manager cves: cve-2021-4104: investigated: false @@ -47974,7 +48530,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Managed VMware Service + product: Certificate Manager cves: cve-2021-4104: investigated: false @@ -48003,7 +48559,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Management Extender for VMware vCenter + product: Client VPN for VPC cves: cve-2021-4104: investigated: false @@ -48025,13 +48581,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Mass Data Migration + product: Cloud Activity Tracker cves: cve-2021-4104: investigated: false @@ -48060,7 +48617,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Maximo EAM SaaS + product: Cloud Backup cves: cve-2021-4104: investigated: false @@ -48089,7 +48646,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Message Hub + product: Cloud Monitoring cves: cve-2021-4104: investigated: false @@ -48118,7 +48675,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: MQ Appliance + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -48147,7 +48704,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: MQ on IBM Cloud + product: Cloud Object Storage cves: cve-2021-4104: investigated: false @@ -48176,7 +48733,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Natural Language Understanding + product: Cloudant cves: cve-2021-4104: investigated: false @@ -48205,7 +48762,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: OmniFind Text Search Server for DB2 for i + product: Code Engine cves: cve-2021-4104: investigated: false @@ -48234,7 +48791,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: OPENBMC + product: Cognos Command Center cves: cve-2021-4104: investigated: false @@ -48263,7 +48820,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Planning Analytics Workspace + product: Cognos Controller cves: cve-2021-4104: investigated: false @@ -48273,7 +48830,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '>2.0.57' + - 10.4.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -48287,13 +48844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525700 + - https://www.ibm.com/support/pages/node/6526468> notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Power HMC + product: Cognos Integration Server cves: cve-2021-4104: investigated: false @@ -48301,9 +48858,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - V9.2.950.0 & V10.1.1010.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -48317,13 +48873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: PowerSC + product: Compose Enterprise cves: cve-2021-4104: investigated: false @@ -48352,7 +48908,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: PowerVM Hypervisor + product: Compose for Elasticsearch cves: cve-2021-4104: investigated: false @@ -48381,7 +48937,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: PowerVM VIOS + product: Compose for etcd cves: cve-2021-4104: investigated: false @@ -48410,7 +48966,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: QRadar Advisor + product: Compose for MongoDB cves: cve-2021-4104: investigated: false @@ -48439,7 +48995,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Qradar Network Threat Analytics + product: Compose for MySQL cves: cve-2021-4104: investigated: false @@ -48468,7 +49024,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: QRadar SIEM + product: Compose for PostgreSQL cves: cve-2021-4104: investigated: false @@ -48497,7 +49053,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Quantum Services + product: Compose for RabbitMQ cves: cve-2021-4104: investigated: false @@ -48526,7 +49082,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Rational Developer for AIX and Linux + product: Compose for Redis cves: cve-2021-4104: investigated: false @@ -48555,7 +49111,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Rational Developer for i + product: Compose for RethinkDB cves: cve-2021-4104: investigated: false @@ -48584,7 +49140,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Red Hat OpenShift on IBM Cloud + product: Compose for ScyllaDB cves: cve-2021-4104: investigated: false @@ -48613,7 +49169,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Resilient + product: Container Registry cves: cve-2021-4104: investigated: false @@ -48635,13 +49191,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Robotic Process Automation + product: Container Security Services cves: cve-2021-4104: investigated: false @@ -48670,7 +49227,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: SAN Volume Controller and Storwize Family + product: Content Delivery Network cves: cve-2021-4104: investigated: false @@ -48699,7 +49256,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Satellite Infrastructure Service + product: Continuous Delivery cves: cve-2021-4104: investigated: false @@ -48728,7 +49285,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Schematics + product: Copy Services Manager cves: cve-2021-4104: investigated: false @@ -48757,7 +49314,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Secrets Manager + product: Databases for DataStax cves: cve-2021-4104: investigated: false @@ -48786,7 +49343,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Secure Gateway + product: Databases for EDB cves: cve-2021-4104: investigated: false @@ -48815,7 +49372,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Server Automation + product: Databases for Elasticsearch cves: cve-2021-4104: investigated: false @@ -48837,13 +49394,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Archive Library Edition + product: Databases for etcd cves: cve-2021-4104: investigated: false @@ -48872,7 +49430,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Discover + product: Databases for MongoDB cves: cve-2021-4104: investigated: false @@ -48901,7 +49459,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Client Management Service + product: Databases for PostgreSQL cves: cve-2021-4104: investigated: false @@ -48930,7 +49488,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for Oracle' + product: Databases for Redis cves: cve-2021-4104: investigated: false @@ -48959,7 +49517,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Databases: Data Protection for SQL' + product: Datapower Gateway cves: cve-2021-4104: investigated: false @@ -48988,7 +49546,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for Enterprise Resource Planning + product: Dedicated Host for VPC cves: cve-2021-4104: investigated: false @@ -49017,7 +49575,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Domino' + product: Direct Link Connect cves: cve-2021-4104: investigated: false @@ -49046,7 +49604,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: 'Spectrum Protect for Mail: Data Protection for Exchange' + product: Direct Link Connect on Classic cves: cve-2021-4104: investigated: false @@ -49075,7 +49633,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for Workstations + product: Direct Link Dedicated (2.0) cves: cve-2021-4104: investigated: false @@ -49104,7 +49662,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect for z/OS USS Client and API + product: Direct Link Dedicated Hosting on Classic cves: cve-2021-4104: investigated: false @@ -49133,7 +49691,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus Db2 Agent + product: Direct Link Dedicated on Classic cves: cve-2021-4104: investigated: false @@ -49162,7 +49720,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus Exchange Agent + product: Direct Link Exchange on Classic cves: cve-2021-4104: investigated: false @@ -49191,7 +49749,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus File Systems Agent + product: DNS Services cves: cve-2021-4104: investigated: false @@ -49220,7 +49778,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus MongoDB Agent + product: Emptoris Contract Management cves: cve-2021-4104: investigated: false @@ -49249,7 +49807,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Plus O365 Agent + product: Emptoris Program Management cves: cve-2021-4104: investigated: false @@ -49278,7 +49836,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Server + product: Emptoris Sourcing cves: cve-2021-4104: investigated: false @@ -49307,7 +49865,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + product: Emptoris Spend Analysis cves: cve-2021-4104: investigated: false @@ -49336,7 +49894,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Spectrum Protect Snapshot for UNIX + product: Emptoris Supplier Lifecycle Management cves: cve-2021-4104: investigated: false @@ -49365,7 +49923,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: SQL Query + product: Enterprise Tape Controller Model C07 (3592) (ETC) cves: cve-2021-4104: investigated: false @@ -49394,7 +49952,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Gentran + product: Event Notifications cves: cve-2021-4104: investigated: false @@ -49423,7 +49981,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Order Management + product: Event Streams cves: cve-2021-4104: investigated: false @@ -49452,7 +50010,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for ACORD + product: File Storage cves: cve-2021-4104: investigated: false @@ -49481,7 +50039,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for Financial Services + product: Flash System 900 (& 840) cves: cve-2021-4104: investigated: false @@ -49510,7 +50068,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for FIX + product: Flow Logs for VPC cves: cve-2021-4104: investigated: false @@ -49539,7 +50097,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for NACHA + product: Functions cves: cve-2021-4104: investigated: false @@ -49568,7 +50126,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for PeopleSoft + product: GSKit cves: cve-2021-4104: investigated: false @@ -49597,7 +50155,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SAP R/3 + product: Guardium S-TAP for Data Sets on z/OS cves: cve-2021-4104: investigated: false @@ -49626,7 +50184,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SEPA + product: Guardium S-TAP for DB2 on z/OS cves: cve-2021-4104: investigated: false @@ -49655,7 +50213,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for Siebel + product: Guardium S-TAP for IMS on z/OS cves: cve-2021-4104: investigated: false @@ -49684,7 +50242,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Pack for SWIFT + product: Hyper Protect Crypto Services cves: cve-2021-4104: investigated: false @@ -49713,7 +50271,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Packs for EDI + product: Hyper Protect DBaaS for MongoDB cves: cve-2021-4104: investigated: false @@ -49742,7 +50300,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Packs for Healthcare + product: Hyper Protect DBaaS for PostgreSQL cves: cve-2021-4104: investigated: false @@ -49771,7 +50329,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Sterling Transformation Extender Trading Manager + product: Hyper Protect Virtual Server cves: cve-2021-4104: investigated: false @@ -49800,7 +50358,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS1160 + product: i2 Analyst’s Notebook cves: cve-2021-4104: investigated: false @@ -49829,7 +50387,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS2280 + product: i2 Base cves: cve-2021-4104: investigated: false @@ -49858,7 +50416,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS2900 Library + product: IBM Application Runtime Expert for i cves: cve-2021-4104: investigated: false @@ -49887,7 +50445,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS3100-TS3200 Library + product: IBM Backup, Recovery and Media Services for i cves: cve-2021-4104: investigated: false @@ -49916,7 +50474,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage TS4500 Library + product: IBM Db2 Mirror for i cves: cve-2021-4104: investigated: false @@ -49945,7 +50503,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Storage Virtualization Engine TS7700 + product: IBM HTTP Server cves: cve-2021-4104: investigated: false @@ -49974,7 +50532,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Tape System Library Manager + product: IBM i Access Family cves: cve-2021-4104: investigated: false @@ -50003,7 +50561,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: TDMF for zOS + product: IBM i Portfolio of products under the Group SWMA cves: cve-2021-4104: investigated: false @@ -50032,7 +50590,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Total Storage Service Console (TSSC) / TS4500 IMC + product: IBM PowerHA System Mirror for i cves: cve-2021-4104: investigated: false @@ -50061,7 +50619,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Transit Gateway + product: IBM Sterling Connect:Direct Browser User Interface cves: cve-2021-4104: investigated: false @@ -50090,7 +50648,39 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Tririga Anywhere + product: IBM Sterling Connect:Direct File Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - See Vendor Links + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerability-affects-ibm-sterling-connectdirect-for-unix-cve-2021-44228/ + notes: '' + references: + - '[https://www.ibm.com/support/pages/node/6526688](https://www.ibm.com/support/pages/node/6526688), + [https://www.ibm.com/support/pages/node/6528324](https://www.ibm.com/support/pages/node/6528324), + [https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/)' + last_updated: '2021-12-20T00:00:00' + - vendor: IBM + product: IBM Sterling Connect:Direct for HP NonStop cves: cve-2021-4104: investigated: false @@ -50119,7 +50709,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: TS4300 + product: IBM Sterling Connect:Direct for i5/OS cves: cve-2021-4104: investigated: false @@ -50148,7 +50738,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Urbancode Deploy + product: IBM Sterling Connect:Direct for OpenVMS cves: cve-2021-4104: investigated: false @@ -50177,7 +50767,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtual Private Cloud + product: IBM Sterling Connect:Express for Microsoft Windows cves: cve-2021-4104: investigated: false @@ -50206,7 +50796,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtual Server for Classic + product: IBM Sterling Connect:Express for UNIX cves: cve-2021-4104: investigated: false @@ -50235,7 +50825,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Virtualization Management Interface + product: IBM Sterling Connect:Express for z/OS cves: cve-2021-4104: investigated: false @@ -50264,7 +50854,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware Solutions + product: Instana Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Timestamp lower than 12-11-2021 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.instana.io/incidents/4zgcd2gzf4jw + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: IBM + product: Internet Services cves: cve-2021-4104: investigated: false @@ -50293,7 +50913,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware vCenter Server + product: Key Lifecycle Manager for z/OS cves: cve-2021-4104: investigated: false @@ -50322,7 +50942,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VMware vSphere + product: Key Protect cves: cve-2021-4104: investigated: false @@ -50351,7 +50971,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: VPN for VPC + product: Knowledge Studio cves: cve-2021-4104: investigated: false @@ -50380,7 +51000,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: vRealize Operations and Log Insight + product: Kubernetes Service cves: cve-2021-4104: investigated: false @@ -50409,7 +51029,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Workload Automation + product: Load Balancer for VPC cves: cve-2021-4104: investigated: false @@ -50437,8 +51057,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ICONICS - product: All + - vendor: IBM + product: Log Analysis cves: cve-2021-4104: investigated: false @@ -50461,13 +51081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: IFS - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Managed VMware Service cves: cve-2021-4104: investigated: false @@ -50490,13 +51110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IGEL - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Management Extender for VMware vCenter cves: cve-2021-4104: investigated: false @@ -50518,14 +51138,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ignite Realtime - product: '' + - vendor: IBM + product: Mass Data Migration cves: cve-2021-4104: investigated: false @@ -50548,13 +51167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: iGrafx - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Maximo EAM SaaS cves: cve-2021-4104: investigated: false @@ -50577,13 +51196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Illuminated Cloud - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Message Hub cves: cve-2021-4104: investigated: false @@ -50606,13 +51225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Illumio - product: C-VEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: MQ Appliance cves: cve-2021-4104: investigated: false @@ -50635,13 +51254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CLI + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: MQ on IBM Cloud cves: cve-2021-4104: investigated: false @@ -50664,13 +51283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: CloudSecure + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Natural Language Understanding cves: cve-2021-4104: investigated: false @@ -50693,13 +51312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core on-premise PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: OmniFind Text Search Server for DB2 for i cves: cve-2021-4104: investigated: false @@ -50722,13 +51341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Core SaaS PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: OPENBMC cves: cve-2021-4104: investigated: false @@ -50751,13 +51370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge SaaS PCE + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Planning Analytics Workspace cves: cve-2021-4104: investigated: false @@ -50765,8 +51384,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>2.0.57' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -50780,13 +51400,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/support/pages/node/6525700 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Edge-CrowdStrike + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Power HMC cves: cve-2021-4104: investigated: false @@ -50794,8 +51414,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - V9.2.950.0 & V10.1.1010.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -50809,13 +51430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Flowlink + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerSC cves: cve-2021-4104: investigated: false @@ -50838,13 +51459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Kubelink + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerVM Hypervisor cves: cve-2021-4104: investigated: false @@ -50867,13 +51488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: NEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: PowerVM VIOS cves: cve-2021-4104: investigated: false @@ -50896,13 +51517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: QRadar App + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: QRadar Advisor cves: cve-2021-4104: investigated: false @@ -50925,13 +51546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: Splunk App + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Qradar Network Threat Analytics cves: cve-2021-4104: investigated: false @@ -50954,13 +51575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Illumio - product: VEN + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: QRadar SIEM cves: cve-2021-4104: investigated: false @@ -50983,13 +51604,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: IManage - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Quantum Services cves: cve-2021-4104: investigated: false @@ -51012,13 +51633,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Imperva - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for AIX and Linux cves: cve-2021-4104: investigated: false @@ -51041,44 +51662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Inductive Automation - product: Ignition - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but - they used an older version (1.2) that was not affected by this vulnerability. - references: - - '' - last_updated: '2022-01-19T00:00:00' - - vendor: IndustrialDefender - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Rational Developer for i cves: cve-2021-4104: investigated: false @@ -51101,13 +51691,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.industrialdefender.com/cve-2021-44228-log4j/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: infinidat - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Red Hat OpenShift on IBM Cloud cves: cve-2021-4104: investigated: false @@ -51130,13 +51720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: InfluxData - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Resilient cves: cve-2021-4104: investigated: false @@ -51158,14 +51748,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Infoblox - product: '' + - vendor: IBM + product: Robotic Process Automation cves: cve-2021-4104: investigated: false @@ -51188,13 +51777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Informatica - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SAN Volume Controller and Storwize Family cves: cve-2021-4104: investigated: false @@ -51217,13 +51806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Instana - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Satellite Infrastructure Service cves: cve-2021-4104: investigated: false @@ -51246,13 +51835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.instana.io/incidents/4zgcd2gzf4jw + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Instructure - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Schematics cves: cve-2021-4104: investigated: false @@ -51275,13 +51864,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Intel - product: Audio Development Kit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secrets Manager cves: cve-2021-4104: investigated: false @@ -51304,13 +51893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Secure Gateway cves: cve-2021-4104: investigated: false @@ -51333,13 +51922,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Datacenter Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Server Automation cves: cve-2021-4104: investigated: false @@ -51361,14 +51950,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Genomics Kernel Library + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IBM + product: Spectrum Archive Library Edition cves: cve-2021-4104: investigated: false @@ -51391,13 +51979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Discover cves: cve-2021-4104: investigated: false @@ -51420,13 +52008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Secure Device Onboard + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Client Management Service cves: cve-2021-4104: investigated: false @@ -51449,13 +52037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: Sensor Solution Firmware Development Kit + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for Oracle' cves: cve-2021-4104: investigated: false @@ -51478,13 +52066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Debugger + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Databases: Data Protection for SQL' cves: cve-2021-4104: investigated: false @@ -51507,13 +52095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Intel - product: System Studio + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Enterprise Resource Planning cves: cve-2021-4104: investigated: false @@ -51536,13 +52124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Domino' cves: cve-2021-4104: investigated: false @@ -51550,11 +52138,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51566,13 +52153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: 'Spectrum Protect for Mail: Data Protection for Exchange' cves: cve-2021-4104: investigated: false @@ -51580,11 +52167,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51596,13 +52182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for Workstations cves: cve-2021-4104: investigated: false @@ -51610,11 +52196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -51626,13 +52211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.isc.org/blogs/2021-log4j/ - notes: no JAVA Code + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: InterSystems - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect for z/OS USS Client and API cves: cve-2021-4104: investigated: false @@ -51655,13 +52240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.intersystems.com/gt/apache-log4j2/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Intland - product: codebeamer + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Db2 Agent cves: cve-2021-4104: investigated: false @@ -51669,10 +52254,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <= 20.11-SP11 - - <= 21.09-SP3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -51686,14 +52269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://codebeamer.com/cb/wiki/19872365 - notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) - and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: IPRO - product: Netgovern + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus Exchange Agent cves: cve-2021-4104: investigated: false @@ -51715,13 +52297,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: iRedMail - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus File Systems Agent cves: cve-2021-4104: investigated: false @@ -51744,13 +52327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.iredmail.org/topic18605-log4j-cve202144228.html + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ironnet - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus MongoDB Agent cves: cve-2021-4104: investigated: false @@ -51773,13 +52356,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ISLONLINE - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Plus O365 Agent cves: cve-2021-4104: investigated: false @@ -51802,1858 +52385,1785 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ivanti - product: Application Control for Linux + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Server cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Application Control for Windows + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Automation + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Spectrum Protect Snapshot for UNIX cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Avalanche + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: SQL Query cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.2.2 - - 6.3.0 to 6.3.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Avalanche Remote Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Gentran cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: CETerm (Naurtech) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Order Management cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Cherwell Asset Management (CAM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for ACORD cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Cherwell Service Management (CSM) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Financial Services cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Connect Pro + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for FIX cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: ConnectPro (Termproxy) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for NACHA cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Credential mgr (PivD Manager) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for PeopleSoft cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Discovery Classic + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SAP R/3 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: DSM + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SEPA cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Environment Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for Siebel cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: GoldMine + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Pack for SWIFT cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: HEAT Classic + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for EDI cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: IIRIS (Neurons for IIOT) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Packs for Healthcare cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Incapptic Connect + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Sterling Transformation Extender Trading Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Insight + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS1160 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: ITSM 6/7 + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2280 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Asset Lifecycle Management + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS2900 Library cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Device Application Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS3100-TS3200 Library cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Endpoint Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage TS4500 Library cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Endpoint Security + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Storage Virtualization Engine TS7700 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Environment Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tape System Library Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti EPM - Cloud Service Appliance + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TDMF for zOS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti File Director + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Total Storage Service Console (TSSC) / TS4500 IMC cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* - fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Identity Director + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Transit Gateway cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti License Optimizer (ILO) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Tririga Anywhere cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Management Center + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: TS4300 cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Neurons Platform + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Urbancode Deploy cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Performance Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Private Cloud cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Security Controls (Patch ISec) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtual Server for Classic cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory - Page + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Desk + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Virtualization Management Interface cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected. Java is no longer required since version 2018.3U3 Customers - on older versions can uninstall JRE on their ISD Servers for mitigation. This - will disable indexing of Attachments and Documents for full-text search. + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Manager + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware Solutions cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Service Manager for Neurons (Cloud) + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vCenter Server cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Voice + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VMware vSphere cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Ivanti Workspace Control + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: VPN for VPC cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Appconnect + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: vRealize Operations and Log Insight cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Email+ + last_updated: '2021-12-15T00:00:00' + - vendor: IBM + product: Workload Automation cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Go Client + last_updated: '2021-12-15T00:00:00' + - vendor: ICONICS + product: All cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://iconics.com/News/Press-Releases/2021/ICONICS-Not-Subject-to-Apache-Log4j-Vulnerability notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI MobileAtWork + last_updated: '2021-12-21T00:00:00' + - vendor: IFS + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.ifs.com/announcements-278/urgent-bulletin-ifs-advisory-ifs-products-services-and-log4j-cve-2021-44228-16436 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MI Security Productivity Apps + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: IGEL + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Mi Tunnel App + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ignite Realtime + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://discourse.igniterealtime.org/t/openfire-4-6-5-released/91108 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Access ZSO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: iGrafx + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Mitigated. No Impact + - https://www.igrafx.com/igrafx-thwarts-log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron BYOD Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illuminated Cloud + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://illuminatedcloud.blogspot.com/2021/12/illuminated-cloud-2-and-log4j-security.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Illumio + product: C-VEN cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Cloud Connector + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CLI cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: CloudSecure cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Core Connector + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core on-premise PCE cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Core SaaS PCE cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html + notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Patch MEM (Microsoft Endpoint Manager) + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge SaaS PCE cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Patch OEM APIs + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Edge-CrowdStrike cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Performance Manager + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Flowlink cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Connect Secure + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Kubelink cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Desktop Client + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: NEN cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Mobile Client + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: QRadar App cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse One + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: Splunk App cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Policy Secure + last_updated: '2021-12-16T00:00:00' + - vendor: Illumio + product: VEN cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Services Director + last_updated: '2021-12-16T00:00:00' + - vendor: IManage + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Virtual Traffic Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Imperva + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse Web Application Firewall + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Inductive Automation + product: Ignition cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -53664,323 +54174,314 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Pulse ZTA + last_updated: '2022-01-19T00:00:00' + - vendor: IndustrialDefender + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.industrialdefender.com/cve-2021-44228-log4j/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Risksense Threat and Vulnerability Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: infinidat + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: SpeakEasy (add-on to Velocity) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: InfluxData + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: SpeakEasy (WinCE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Infoblox + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://support.infoblox.com/articles/Knowledge/Infoblox-NIOS-and-BloxOne-products-not-vulnerable-to-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Terminal Emulation and Industrial Browser + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Informatica + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Velocity + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instana + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://status.instana.io/incidents/4zgcd2gzf4jw notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: VelocityCE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Instructure + product: '' cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://community.canvaslms.com/t5/Community-Users/Instructure-amp-the-Apache-Log4j2-Vulnerability/ba-p/501907 notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Virtual Desktop Extender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Intel + product: Audio Development Kit cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Wavelink License Server + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Computer Vision Annotation Tool maintained by Intel cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Xtraction + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Datacenter Manager cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Jamasoftware - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Genomics Kernel Library cves: cve-2021-4104: investigated: false @@ -54003,13 +54504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jamf - product: Jamf Pro + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: oneAPI sample browser plugin for Eclipse cves: cve-2021-4104: investigated: false @@ -54017,9 +54518,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.31.0 – 10.34.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -54033,13 +54533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Janitza - product: GridVis + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Secure Device Onboard cves: cve-2021-4104: investigated: false @@ -54047,11 +54547,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.82 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54063,15 +54562,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: '' - cves: - cve-2021-4104: + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: Sensor Solution Firmware Development Kit + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] @@ -54092,13 +54591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jedox - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Debugger cves: cve-2021-4104: investigated: false @@ -54121,13 +54620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: CI/CD Core + last_updated: '2021-12-16T00:00:00' + - vendor: Intel + product: System Studio cves: cve-2021-4104: investigated: false @@ -54149,13 +54648,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: Plugins + last_updated: '2021-12-16T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: BIND 9 cves: cve-2021-4104: investigated: false @@ -54163,10 +54663,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54178,14 +54679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: ISC DHCP, aka dhcpd cves: cve-2021-4104: investigated: false @@ -54197,7 +54697,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54209,13 +54709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ - notes: '' + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jetbrains - product: Code With Me + last_updated: '2021-12-17T00:00:00' + - vendor: Internet Systems Consortium(ISC) + product: Kea DHCP cves: cve-2021-4104: investigated: false @@ -54225,9 +54725,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -54239,13 +54739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ - notes: '' + - https://www.isc.org/blogs/2021-log4j/ + notes: no JAVA Code references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Datalore + last_updated: '2021-12-17T00:00:00' + - vendor: InterSystems + product: '' cves: cve-2021-4104: investigated: false @@ -54253,11 +54753,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54269,13 +54768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.intersystems.com/gt/apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Floating license server + - vendor: Intland + product: codebeamer cves: cve-2021-4104: investigated: false @@ -54284,9 +54783,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '30211' + affected_versions: + - <= 20.11-SP11 + - <= 21.09-SP3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -54299,13 +54799,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ - notes: '' + - https://codebeamer.com/cb/wiki/19872365 + notes: A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) + and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Gateway + - vendor: IPRO + product: Netgovern cves: cve-2021-4104: investigated: false @@ -54313,11 +54814,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54328,14 +54828,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + vendor_links: [] notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Hub + - vendor: iRedMail + product: '' cves: cve-2021-4104: investigated: false @@ -54343,10 +54842,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2021.1.14080 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -54359,15 +54857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://forum.iredmail.org/topic18605-log4j-cve202144228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + - vendor: Ironnet + product: '' cves: cve-2021-4104: investigated: false @@ -54375,11 +54871,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54391,13 +54886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Kotlin + - vendor: ISLONLINE + product: '' cves: cve-2021-4104: investigated: false @@ -54405,11 +54900,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -54421,16 +54915,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Ktor + - vendor: Ivanti + product: Application Control for Linux cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54439,28 +54933,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: MPS + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Application Control for Windows cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54469,28 +54963,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Space + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54499,58 +54993,59 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: TeamCity + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: ToolBox + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Avalanche Remote Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54559,205 +55054,208 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: UpSource + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2020.1.1952 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: YouTrack InCloud + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Asset Management (CAM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: YouTrack Standalone + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Service Management (CSM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.4.35970 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JFROG - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Connect Pro cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitsi - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitterbit - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Credential mgr (PivD Manager) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Johnson Controls - product: BCPro + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54766,28 +55264,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: DSM cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54796,28 +55294,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54826,28 +55324,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54856,28 +55354,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54886,28 +55384,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54916,28 +55414,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54946,28 +55444,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.80.x (all 2.80 versions) + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -54976,28 +55474,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55006,28 +55504,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DLS + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55036,28 +55534,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Entrapass + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55066,28 +55564,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Client + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55096,28 +55594,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision Server + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55126,28 +55624,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: exacqVision WebService + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55156,28 +55654,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Facility Explorer + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55186,58 +55684,65 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Cameras + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All versions + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Illustra Insight + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55246,28 +55751,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55276,28 +55781,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Metasys Products and Tools + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55306,28 +55811,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries NEO + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55336,28 +55841,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: PowerSeries Pro + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55366,28 +55871,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Qolsys IQ Panels + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55396,28 +55901,29 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Sur‐Gard Receivers + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55426,28 +55932,30 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Tyco AI + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55456,28 +55964,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55486,28 +55994,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55516,28 +56024,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55546,28 +56054,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: VideoEdge + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55576,57 +56084,58 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -55635,924 +56144,956 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jump Desktop - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI MobileAtWork cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Justice Systems - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.justicesystems.com/services/support/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K15t - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access ZSO cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated. No Impact references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K6 - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Karakun - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://board.karakun.com/viewtopic.php?f=21&t=8351 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kaseya - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- - notes: '' + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kofax - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Konica Minolta - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.konicaminolta.de/de-de/support/log4j + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kronos UKG - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Kyberna - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.kyberna.com/detail/log4j-sicherheitsluecke + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: L-Soft - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.lsoft.com/news/log4jinfo.asp + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: L3Harris Geospatial - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lancom Systems - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lansweeper - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Laserfiche - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LastPass - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LaunchDarkly - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Leanix - product: '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio AT2 DX + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio CS2 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio eSlide Manager + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio GT 450 DX + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Virtual Desktop Extender cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio ImageScope DX + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio LV1 + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio SAM DX Server For GT 450 DX + last_updated: '2022-01-18T00:00:00' + - vendor: Jamasoftware + product: '' cves: cve-2021-4104: investigated: false @@ -56575,13 +57116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio Scanner Administration Manager (SAM) Server for GT 450 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Pro cves: cve-2021-4104: investigated: false @@ -56589,8 +57130,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.31.0 – 10.34.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -56604,13 +57146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio VERSA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Janitza + product: GridVis cves: cve-2021-4104: investigated: false @@ -56618,10 +57160,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.82 cve-2021-45046: investigated: false affected_versions: [] @@ -56633,13 +57176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.janitza.com/us/gridvis-download.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Aperio WebViewer DX + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: '' cves: cve-2021-4104: investigated: false @@ -56662,13 +57205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND Controller + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jedox + product: '' cves: cve-2021-4104: investigated: false @@ -56691,13 +57234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.jedox.com/en/trust/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI/CD Core cves: cve-2021-4104: investigated: false @@ -56719,14 +57262,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND RXm + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: Plugins cves: cve-2021-4104: investigated: false @@ -56749,13 +57291,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ - notes: '' + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + last_updated: '2021-12-16T00:00:00' + - vendor: JetBrains + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -56763,10 +57306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -56778,13 +57322,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-III + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -56792,9 +57336,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -56807,13 +57352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: BOND-MAX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Datalore cves: cve-2021-4104: investigated: false @@ -56821,10 +57366,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -56836,13 +57382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CEREBRO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Floating license server cves: cve-2021-4104: investigated: false @@ -56850,9 +57396,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '30211' unaffected_versions: [] cve-2021-45046: investigated: false @@ -56865,13 +57412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: CytoVision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Gateway cves: cve-2021-4104: investigated: false @@ -56879,10 +57426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -56894,13 +57442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEARL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Hub cves: cve-2021-4104: investigated: false @@ -56908,9 +57456,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -56923,13 +57472,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore PEGASUS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -56937,10 +57488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -56952,13 +57504,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA CV + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Kotlin cves: cve-2021-4104: investigated: false @@ -56966,10 +57518,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -56981,13 +57534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPECTRA ST + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor cves: cve-2021-4104: investigated: false @@ -56995,10 +57548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -57010,13 +57564,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPIRIT ST + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -57024,10 +57578,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -57039,13 +57594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: HistoCore SPRING ST + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space cves: cve-2021-4104: investigated: false @@ -57053,10 +57608,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -57068,13 +57624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ASP300S + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity cves: cve-2021-4104: investigated: false @@ -57082,10 +57638,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -57097,13 +57654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://youtrack.jetbrains.com/issue/TW-74298 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica CV5030 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox cves: cve-2021-4104: investigated: false @@ -57111,10 +57668,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -57126,13 +57684,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST4020 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource cves: cve-2021-4104: investigated: false @@ -57140,9 +57698,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2020.1.1952 unaffected_versions: [] cve-2021-45046: investigated: false @@ -57155,13 +57714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5010 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud cves: cve-2021-4104: investigated: false @@ -57169,9 +57728,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -57184,13 +57744,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica ST5020 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone cves: cve-2021-4104: investigated: false @@ -57198,9 +57758,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2021.4.35970 unaffected_versions: [] cve-2021-45046: investigated: false @@ -57213,13 +57774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: Leica TP1020 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFROG + product: '' cves: cve-2021-4104: investigated: false @@ -57242,13 +57803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: LIS Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: '' cves: cve-2021-4104: investigated: false @@ -57271,13 +57832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: PathDX + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: '' cves: cve-2021-4104: investigated: false @@ -57300,13 +57861,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Leica BIOSYSTEMS - product: ThermoBrite Elite + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: BCPro cves: cve-2021-4104: investigated: false @@ -57314,10 +57875,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57329,13 +57891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.leicabiosystems.com/about/product-security/ + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Lenovo - product: BIOS/UEFI + - vendor: Johnson Controls + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -57343,10 +57905,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57358,13 +57921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Chassis Management Module 2 (CMM) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -57372,10 +57935,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57387,13 +57951,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Commercial Vantage + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -57401,10 +57965,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57416,13 +57981,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Confluent + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -57430,10 +57995,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57445,13 +58011,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: DSS-G + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -57459,10 +58025,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.90.x (all 2.90 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -57474,13 +58041,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Embedded System Management Java-based KVM clients + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -57488,10 +58055,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.80.x (all 2.80 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -57503,13 +58071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller (FPC) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -57517,10 +58085,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.70 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -57532,13 +58101,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Fan Power Controller2 (FPC2) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -57546,10 +58115,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.60 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -57561,13 +58131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Integrated Management Module II (IMM2) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: DLS cves: cve-2021-4104: investigated: false @@ -57575,10 +58145,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57590,13 +58161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: NetApp ONTAP Tools for VMware vSphere + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Entrapass cves: cve-2021-4104: investigated: false @@ -57604,10 +58175,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57619,15 +58191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) - advisory. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade - FOS' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -57635,10 +58205,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57650,13 +58221,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Storage Management utilities + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -57664,10 +58235,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57679,13 +58251,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module (SMM) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -57693,10 +58265,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57708,13 +58281,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Management Module 2 (SMM2) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -57722,10 +58295,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -57737,13 +58311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: System Update + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -57751,10 +58325,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57766,13 +58341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Thin Installer + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Insight cves: cve-2021-4104: investigated: false @@ -57780,10 +58355,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57795,13 +58371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile HX + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: iSTAR cves: cve-2021-4104: investigated: false @@ -57809,10 +58385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57824,15 +58401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) - and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisories. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkAgile VX + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Metasys Products and Tools cves: cve-2021-4104: investigated: false @@ -57840,10 +58415,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57855,14 +58431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) - advisory. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO cves: cve-2021-4104: investigated: false @@ -57870,10 +58445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57885,13 +58461,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DE Series Storage + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro cves: cve-2021-4104: investigated: false @@ -57899,10 +58475,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57914,13 +58491,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DM Series Storage + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels cves: cve-2021-4104: investigated: false @@ -57928,10 +58505,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57943,24 +58521,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 - notes: See also NetApp advisory. + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem DS Series Storage - cves: - cve-2021-4104: + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -57972,13 +58551,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: ThinkSystem Manager (TSM) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI cves: cve-2021-4104: investigated: false @@ -57986,10 +58565,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -58001,13 +58581,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Update Retriever + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor cves: cve-2021-4104: investigated: false @@ -58015,10 +58595,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -58030,13 +58611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: Vantage + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -58044,10 +58625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 cve-2021-45046: investigated: false affected_versions: [] @@ -58059,13 +58641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Administrator (LXCA) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -58073,10 +58655,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 cve-2021-45046: investigated: false affected_versions: [] @@ -58088,13 +58671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Controller (XCC) + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge cves: cve-2021-4104: investigated: false @@ -58102,10 +58685,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -58117,13 +58701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Energy Manager (LXEM) + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: '' cves: cve-2021-4104: investigated: false @@ -58146,13 +58730,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Essentials (LXCE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge cves: cve-2021-4104: investigated: false @@ -58160,10 +58744,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -58175,13 +58760,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: '' cves: cve-2021-4104: investigated: false @@ -58204,13 +58789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Microsoft System Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: '' cves: cve-2021-4104: investigated: false @@ -58233,13 +58818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Nagios + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Justice Systems + product: '' cves: cve-2021-4104: investigated: false @@ -58262,13 +58847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://www.justicesystems.com/services/support/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for ServiceNow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K15t + product: All cves: cve-2021-4104: investigated: false @@ -58291,13 +58876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for VMware vCenter + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K6 + product: All cves: cve-2021-4104: investigated: false @@ -58320,13 +58905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Integrator (LXCI) for Windows Admin Center + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience cves: cve-2021-4104: investigated: false @@ -58334,9 +58919,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3900.28.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -58349,13 +58935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Mobile (LXCM) + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting cves: cve-2021-4104: investigated: false @@ -58363,9 +58949,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3900.26.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -58378,13 +58965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Orchestrator (LXCO) + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Karakun + product: All cves: cve-2021-4104: investigated: false @@ -58407,13 +58994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://board.karakun.com/viewtopic.php?f=21&t=8351 notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Lenovo - product: XClarity Provisioning Manager (LXPM) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaseya + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -58421,10 +59008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58436,13 +59024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.lenovo.com/ca/en/product_security/len-76573 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: LeoStream - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -58450,10 +59038,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58465,13 +59054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.leostream.com/support/discussions/topics/66000507567 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Let's Encrypt - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID cves: cve-2021-4104: investigated: false @@ -58479,10 +59068,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58494,13 +59084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LibreNMS - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue cves: cve-2021-4104: investigated: false @@ -58508,10 +59098,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58523,13 +59114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LifeRay - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue cves: cve-2021-4104: investigated: false @@ -58537,10 +59128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58552,13 +59144,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LifeSize - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue cves: cve-2021-4104: investigated: false @@ -58566,10 +59158,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58581,13 +59174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lightbend - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly cves: cve-2021-4104: investigated: false @@ -58595,10 +59188,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58610,13 +59204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lime CRM - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber cves: cve-2021-4104: investigated: false @@ -58624,10 +59218,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58639,13 +59234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.lime-crm.com/security/lcsec21-01 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LIONGARD - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup cves: cve-2021-4104: investigated: false @@ -58653,10 +59248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58668,13 +59264,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://insights.liongard.com/faq-apache-log4j-vulnerability + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LiquidFiles - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup cves: cve-2021-4104: investigated: false @@ -58682,10 +59278,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58697,13 +59294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LiveAction - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends cves: cve-2021-4104: investigated: false @@ -58711,10 +59308,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58726,13 +59324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Loftware - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex cves: cve-2021-4104: investigated: false @@ -58740,10 +59338,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58755,13 +59354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LOGalyze - product: SIEM & log analyzer tool + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises cves: cve-2021-4104: investigated: false @@ -58770,10 +59369,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - v4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58785,15 +59384,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sourceforge.net/software/product/LOGalyze/ - notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found - in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j - 1.2.17' + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' references: - - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' - last_updated: '2021-12-17T00:00:00' - - vendor: LogiAnalytics - product: '' + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -58801,10 +59398,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -58816,13 +59414,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogicMonitor - product: LogicMonitor Platform + - vendor: Keeper + product: All cves: cve-2021-4104: investigated: false @@ -58830,9 +59428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -58845,13 +59444,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 + - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogMeIn - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -58874,13 +59473,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 + - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' references: - - '' + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogRhythm - product: '' + - vendor: Keycloak + product: All cves: cve-2021-4104: investigated: false @@ -58888,10 +59487,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -58903,13 +59503,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 + - https://github.com/keycloak/keycloak/discussions/9078 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Looker - product: Looker + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -58918,15 +59518,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '21.0' - - '21.6' - - '21.12' - - '21.16' - - '21.18' - - '21.20' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -58938,13 +59533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LucaNet - product: '' + - vendor: Kofax + product: Communication Manager cves: cve-2021-4104: investigated: false @@ -58952,9 +59547,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.3 - 5.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -58967,13 +59563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.lucanet.com/en/blog/update-vulnerability-log4j + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lucee - product: '' + - vendor: Kofax + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -58981,9 +59577,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=10.7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -58996,13 +59593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Lyrasis - product: Fedora Repository + - vendor: Kofax + product: Robotic Process Automation (RPA) cves: cve-2021-4104: investigated: false @@ -59012,12 +59609,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 3.x - - 4.x - - 5.x - - 6.x + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59029,14 +59624,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo - notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and - explicitly excludes log4j. + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: MailStore - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Konica Minolta + product: All cves: cve-2021-4104: investigated: false @@ -59059,13 +59653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ + - https://www.konicaminolta.de/de-de/support/log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Maltego - product: '' + - vendor: Kronos UKG + product: All cves: cve-2021-4104: investigated: false @@ -59088,13 +59682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ + - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ManageEngine - product: AD SelfService Plus + - vendor: Kyberna + product: All cves: cve-2021-4104: investigated: false @@ -59102,40 +59696,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 11305 and below - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59147,12 +59711,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + - https://www.kyberna.com/detail/log4j-sicherheitsluecke notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ManageEngine Zoho + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: L-Soft product: '' cves: cve-2021-4104: @@ -59176,13 +59740,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + - http://www.lsoft.com/news/log4jinfo.asp notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + - vendor: L3Harris Geospatial + product: '' cves: cve-2021-4104: investigated: false @@ -59205,13 +59769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: ADManager Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lancom Systems + product: '' cves: cve-2021-4104: investigated: false @@ -59234,13 +59798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.lancom-systems.com/service-support/instant-help/general-security-information/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Analytics Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lansweeper + product: '' cves: cve-2021-4104: investigated: false @@ -59263,13 +59827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.lansweeper.com/vulnerability/critical-log4j-vulnerability-affects-millions-of-applications/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Cloud Security Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Laserfiche + product: '' cves: cve-2021-4104: investigated: false @@ -59292,13 +59856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://answers.laserfiche.com/questions/194037/Do-any-Laserfiche-products-use-the-Apache-log4j-library#194038 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: DataSecurity Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LastPass + product: '' cves: cve-2021-4104: investigated: false @@ -59321,13 +59885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://support.logmeininc.com/lastpass/help/log4j-vulnerability-faq-for-lastpass-universal-proxy notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: EventLog Analyzer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LaunchDarkly + product: '' cves: cve-2021-4104: investigated: false @@ -59350,13 +59914,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://launchdarkly.com/blog/audit-shows-systems-unaffected-by-log4j/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leanix + product: '' cves: cve-2021-4104: investigated: false @@ -59379,13 +59943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.leanix.net/en/blog/log4j-vulnerability-log4shell notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 cves: cve-2021-4104: investigated: false @@ -59408,13 +59972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: Log360 UEBA + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio AT2 DX cves: cve-2021-4104: investigated: false @@ -59437,13 +60001,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Manager Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio CS2 cves: cve-2021-4104: investigated: false @@ -59466,13 +60030,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: M365 Security Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio eSlide Manager cves: cve-2021-4104: investigated: false @@ -59495,13 +60059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine Zoho - product: RecoveryManager Plus + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 cves: cve-2021-4104: investigated: false @@ -59524,13 +60088,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: MariaDB - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio GT 450 DX cves: cve-2021-4104: investigated: false @@ -59553,13 +60117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MathWorks - product: All MathWorks general release desktop or server products + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope cves: cve-2021-4104: investigated: false @@ -59567,7 +60131,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -59582,13 +60146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: MathWorks - product: MATLAB + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio ImageScope DX cves: cve-2021-4104: investigated: false @@ -59596,11 +60160,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59612,13 +60175,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Matillion - product: Matillion ETL + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio LV1 cves: cve-2021-4104: investigated: false @@ -59626,10 +60189,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 1.59.10+ + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -59642,13 +60204,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-11-01T00:00:00' - - vendor: Matomo - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio SAM DX Server For GT 450 DX cves: cve-2021-4104: investigated: false @@ -59671,13 +60233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mattermost FocalBoard - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio Scanner Administration Manager (SAM) Server for GT 450 cves: cve-2021-4104: investigated: false @@ -59700,13 +60262,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: McAfee - product: Data Exchange Layer (DXL) Client + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio VERSA cves: cve-2021-4104: investigated: false @@ -59728,13 +60290,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Discover + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Aperio WebViewer DX cves: cve-2021-4104: investigated: false @@ -59756,13 +60319,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Mac + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -59784,13 +60348,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Endpoint for Windows + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND RX cves: cve-2021-4104: investigated: false @@ -59812,13 +60377,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Monitor + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -59840,13 +60406,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Data Loss Prevention (DLP) Prevent + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -59868,13 +60435,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Linux + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-III cves: cve-2021-4104: investigated: false @@ -59896,13 +60464,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Mac + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: BOND-MAX cves: cve-2021-4104: investigated: false @@ -59924,13 +60493,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Endpoint Security (ENS) for Windows + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: CEREBRO cves: cve-2021-4104: investigated: false @@ -59952,13 +60522,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Enterprise Security Manager (ESM) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: CytoVision cves: cve-2021-4104: investigated: false @@ -59966,10 +60537,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 11.5.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -59982,13 +60552,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Agent Handlers (ePO-AH) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore PEARL cves: cve-2021-4104: investigated: false @@ -60010,13 +60580,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore PEGASUS cves: cve-2021-4104: investigated: false @@ -60024,10 +60595,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 5.10 CU11 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60040,13 +60610,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA CV cves: cve-2021-4104: investigated: false @@ -60068,13 +60638,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Management of Native Encryption (MNE) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPECTRA ST cves: cve-2021-4104: investigated: false @@ -60096,13 +60667,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Active Response (MAR) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPIRIT ST cves: cve-2021-4104: investigated: false @@ -60124,13 +60696,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Agent (MA) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: HistoCore SPRING ST cves: cve-2021-4104: investigated: false @@ -60152,13 +60725,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ASP300S cves: cve-2021-4104: investigated: false @@ -60180,13 +60754,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica CV5030 cves: cve-2021-4104: investigated: false @@ -60208,13 +60783,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST4020 cves: cve-2021-4104: investigated: false @@ -60236,13 +60812,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5010 cves: cve-2021-4104: investigated: false @@ -60264,13 +60841,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Drive Encryption (MDE) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica ST5020 cves: cve-2021-4104: investigated: false @@ -60292,13 +60870,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: Leica TP1020 cves: cve-2021-4104: investigated: false @@ -60320,13 +60899,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: LIS Connect cves: cve-2021-4104: investigated: false @@ -60348,13 +60928,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: PathDX cves: cve-2021-4104: investigated: false @@ -60376,13 +60957,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Manager (NSM) + last_updated: '2021-12-21T00:00:00' + - vendor: Leica BIOSYSTEMS + product: ThermoBrite Elite cves: cve-2021-4104: investigated: false @@ -60404,13 +60986,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.leicabiosystems.com/about/product-security/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Network Security Platform (NSP) + last_updated: '2021-12-21T00:00:00' + - vendor: Lenovo + product: BIOS/UEFI cves: cve-2021-4104: investigated: false @@ -60432,13 +61015,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Policy Auditor + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Chassis Management Module 2 (CMM) cves: cve-2021-4104: investigated: false @@ -60460,13 +61044,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Threat Intelligence Exchange (TIE) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Commercial Vantage cves: cve-2021-4104: investigated: false @@ -60489,13 +61074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 - notes: Latest status in linked Security Bulletin + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: McAfee - product: Web Gateway (MWG) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Confluent cves: cve-2021-4104: investigated: false @@ -60518,13 +61103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Medtronic - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: DSS-G cves: cve-2021-4104: investigated: false @@ -60547,13 +61132,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: MEINBERG - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Embedded System Management Java-based KVM clients cves: cve-2021-4104: investigated: false @@ -60576,13 +61161,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MEINBERG - product: LANTIME and microSync + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller (FPC) cves: cve-2021-4104: investigated: false @@ -60605,13 +61190,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Meltano - product: Meltano + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Fan Power Controller2 (FPC2) cves: cve-2021-4104: investigated: false @@ -60634,13 +61219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/meltano/meltano - notes: Project is written in Python + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Memurai - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Integrated Management Module II (IMM2) cves: cve-2021-4104: investigated: false @@ -60663,13 +61248,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: NetApp ONTAP Tools for VMware vSphere cves: cve-2021-4104: investigated: false @@ -60677,19 +61262,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -60702,13 +61277,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) + advisory. references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' - - vendor: Microsoft - product: Azure API Gateway + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: 'Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade + FOS' cves: cve-2021-4104: investigated: false @@ -60731,13 +61308,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Application Gateway + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Storage Management utilities cves: cve-2021-4104: investigated: false @@ -60760,13 +61337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module (SMM) cves: cve-2021-4104: investigated: false @@ -60774,9 +61351,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.3.10 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60790,13 +61366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Data lake store java + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Management Module 2 (SMM2) cves: cve-2021-4104: investigated: false @@ -60804,9 +61380,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.3.10 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60820,13 +61395,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure DevOps + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: System Update cves: cve-2021-4104: investigated: false @@ -60849,13 +61424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure DevOps Server + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Thin Installer cves: cve-2021-4104: investigated: false @@ -60863,9 +61438,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2019.0 - 2020.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60879,13 +61453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Azure Traffic Manager + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile HX cves: cve-2021-4104: investigated: false @@ -60908,13 +61482,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) + and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisories. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microsoft - product: Team Foundation Server + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkAgile VX cves: cve-2021-4104: investigated: false @@ -60922,9 +61498,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2018.2+ + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60938,13 +61513,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) + advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Microstrategy - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T cves: cve-2021-4104: investigated: false @@ -60967,13 +61543,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Midori Global - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DE Series Storage cves: cve-2021-4104: investigated: false @@ -60996,13 +61572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected - notes: '' + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Mikrotik - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DM Series Storage cves: cve-2021-4104: investigated: false @@ -61025,13 +61601,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.mikrotik.com/viewtopic.php?p=897938 + - https://support.lenovo.com/ca/en/product_security/len-76573 + notes: See also NetApp advisory. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem DS Series Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Milestone sys - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: ThinkSystem Manager (TSM) cves: cve-2021-4104: investigated: false @@ -61054,13 +61659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mimecast - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Update Retriever cves: cve-2021-4104: investigated: false @@ -61083,13 +61688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Minecraft - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: Vantage cves: cve-2021-4104: investigated: false @@ -61112,13 +61717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mirantis - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Administrator (LXCA) cves: cve-2021-4104: investigated: false @@ -61141,13 +61746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Miro - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Controller (XCC) cves: cve-2021-4104: investigated: false @@ -61170,13 +61775,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://miro.com/trust/updates/log4j/ + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mitel - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Energy Manager (LXEM) cves: cve-2021-4104: investigated: false @@ -61199,13 +61804,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MMM Group - product: Control software of all MMM series + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Essentials (LXCE) cves: cve-2021-4104: investigated: false @@ -61228,13 +61833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MMM Group - product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft Azure Log Analytics cves: cve-2021-4104: investigated: false @@ -61257,14 +61862,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: MongoDB - product: All other components of MongoDB Atlas (including Atlas Database, Data - Lake, Charts) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Microsoft System Center cves: cve-2021-4104: investigated: false @@ -61287,13 +61891,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Atlas Search + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Nagios cves: cve-2021-4104: investigated: false @@ -61316,14 +61920,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Community Edition (including Community Server, Cloud Manager, - Community Kubernetes Operators) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for ServiceNow cves: cve-2021-4104: investigated: false @@ -61346,13 +61949,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Drivers + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for VMware vCenter cves: cve-2021-4104: investigated: false @@ -61375,14 +61978,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, - Enterprise Kubernetes Operators) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Integrator (LXCI) for Windows Admin Center cves: cve-2021-4104: investigated: false @@ -61405,13 +62007,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Mobile (LXCM) cves: cve-2021-4104: investigated: false @@ -61434,14 +62036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MongoDB - product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas - CLI, Database Connectors) + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Orchestrator (LXCO) cves: cve-2021-4104: investigated: false @@ -61464,13 +62065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Moodle - product: '' + last_updated: '2021-12-14T00:00:00' + - vendor: Lenovo + product: XClarity Provisioning Manager (LXPM) cves: cve-2021-4104: investigated: false @@ -61493,12 +62094,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://moodle.org/mod/forum/discuss.php?d=429966 + - https://support.lenovo.com/ca/en/product_security/len-76573 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: MoogSoft + last_updated: '2021-12-14T00:00:00' + - vendor: LeoStream product: '' cves: cve-2021-4104: @@ -61522,12 +62123,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + - https://support.leostream.com/support/discussions/topics/66000507567 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Motorola Avigilon + - vendor: Let's Encrypt product: '' cves: cve-2021-4104: @@ -61551,44 +62152,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + - https://community.letsencrypt.org/t/log4j-vulnerability-cve-2021-44228/167464 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Moxa - product: '' - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected - by this vulnerability. At the time of publication, none of Moxa's products are - affected. - references: - - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Mulesoft + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LibreNMS product: '' cves: cve-2021-4104: @@ -61612,45 +62181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://community.librenms.org/t/is-librenms-affected-by-vulnerable-to-cve-2021-25218-cve-2021-44228/17675/6 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Mulesoft - product: Anypoint Studio - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 7.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Cloudhub + - vendor: LifeRay + product: '' cves: cve-2021-4104: investigated: false @@ -61673,14 +62210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://liferay.dev/blogs/-/blogs/log4j2-zero-day-vulnerability + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LifeSize + product: '' cves: cve-2021-4104: investigated: false @@ -61688,43 +62224,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Mulesoft - product: Mule Runtime - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 3.x - - 4.x - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61736,13 +62239,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 - notes: This advisory is available to account holders only and has not been reviewed - by CISA. + - https://community.lifesize.com/s/article/Apache-Log4j2-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: N-able + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lightbend product: '' cves: cve-2021-4104: @@ -61766,12 +62268,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability + - https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nagios + - vendor: Lime CRM product: '' cves: cve-2021-4104: @@ -61795,12 +62297,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ + - https://docs.lime-crm.com/security/lcsec21-01 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NAKIVO + - vendor: LIONGARD product: '' cves: cve-2021-4104: @@ -61824,59 +62326,24 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 + - https://insights.liongard.com/faq-apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: National Instruments - product: OptimalPlus + - vendor: LiquidFiles + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Vertica - - Cloudera - - Logstash - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact - Technical Support - references: - - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Neo4j - product: Neo4j Graph Database - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '>4.2' - - <4..2.12 - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -61887,13 +62354,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://mailchi.mp/liquidfiles/liquidfiles-log4j?e=%5BUNIQID%5D notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Netapp - product: Multiple NetApp products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LiveAction + product: '' cves: cve-2021-4104: investigated: false @@ -61916,12 +62384,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.netapp.com/advisory/ntap-20211210-0007/ + - https://documentation.liveaction.com/LiveNX/LiveNX%2021.5.1%20Release%20Notes/Release%20Notes%20LiveNX%2021.5.1.1.3 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Netcup + - vendor: Loftware product: '' cves: cve-2021-4104: @@ -61945,13 +62413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ + - https://help.loftware.com/lps-kb/content/log4j%20cve-2021-44228.htm?Highlight=CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NetGate PFSense - product: '' + - vendor: LOGalyze + product: SIEM & log analyzer tool cves: cve-2021-4104: investigated: false @@ -61959,8 +62427,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -61974,12 +62443,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 - notes: '' + - https://sourceforge.net/software/product/LOGalyze/ + notes: 'local-log4j-vuln-scanner result: indicator for vulnerable component found + in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j + 1.2.17' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Netwrix + - '[Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories)' + last_updated: '2021-12-17T00:00:00' + - vendor: LogiAnalytics product: '' cves: cve-2021-4104: @@ -62003,13 +62474,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html + - https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: New Relic - product: Containerized Private Minion (CPM) + - vendor: LogicMonitor + product: LogicMonitor Platform cves: cve-2021-4104: investigated: false @@ -62017,10 +62488,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 3.0.57 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62033,14 +62503,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ - notes: New Relic is in the process of revising guidance/documentation, however - the fix version remains sufficient. + - https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228 + notes: '' references: - - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' - last_updated: '2021-12-18T00:00:00' - - vendor: New Relic - product: New Relic Java Agent + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogMeIn + product: '' cves: cve-2021-4104: investigated: false @@ -62048,9 +62517,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <7.4.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62064,13 +62532,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ - notes: Initially fixed in 7.4.2, but additional vulnerability found + - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 + notes: '' references: - - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), - covers CVE-2021-44228, CVE-2021-45046' - last_updated: '2021-12-20T00:00:00' - - vendor: NextCloud + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LogRhythm product: '' cves: cve-2021-4104: @@ -62094,13 +62561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 + - https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nextflow - product: Nextflow + - vendor: Looker + product: Looker cves: cve-2021-4104: investigated: false @@ -62109,10 +62576,15 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '21.0' + - '21.6' + - '21.12' + - '21.16' + - '21.18' + - '21.20' fixed_versions: [] - unaffected_versions: - - 21.04.0.5552 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62124,12 +62596,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.nextflow.io/docs/latest/index.html + - https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Nexus Group + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: LucaNet product: '' cves: cve-2021-4104: @@ -62153,12 +62625,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 + - https://www.lucanet.com/en/blog/update-vulnerability-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Nice Software (AWS) EnginFRAME + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Lucee product: '' cves: cve-2021-4104: @@ -62182,13 +62654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.enginframe.com/ + - https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NinjaRMM - product: '' + - vendor: Lyrasis + product: Fedora Repository cves: cve-2021-4104: investigated: false @@ -62196,10 +62668,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x + - 4.x + - 5.x + - 6.x cve-2021-45046: investigated: false affected_versions: [] @@ -62211,13 +62687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo + notes: Fedora Repository is unaffiliated with Fedora Linux. Uses logback and + explicitly excludes log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nomachine + last_updated: '2021-12-14T00:00:00' + - vendor: MailStore product: '' cves: cve-2021-4104: @@ -62241,12 +62717,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.nomachine.com/topic/apache-log4j-notification + - https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NoviFlow + - vendor: Maltego product: '' cves: cve-2021-4104: @@ -62270,13 +62746,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ + - https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Backlog + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -62286,9 +62762,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A (SaaS) - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -62299,14 +62775,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Backlog Enterprise (On-premises) + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -62315,9 +62790,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - < 1.11.7 + affected_versions: + - 11305 and below + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62330,13 +62805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Cacoo + last_updated: '2021-12-15T00:00:00' + - vendor: ManageEngine Zoho + product: '' cves: cve-2021-4104: investigated: false @@ -62344,10 +62819,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62360,13 +62834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Cacoo Enterprise (On-premises) + - vendor: ManageEngine Zoho + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -62374,10 +62848,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 4.0.4 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62390,13 +62863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nulab - product: Typetalk + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -62404,10 +62877,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - N/A (SaaS) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62420,13 +62892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://nulab.com/blog/company-news/log4shell/ + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Nutanix - product: AHV + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -62434,11 +62906,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62450,13 +62921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -62464,12 +62935,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - LTS (including Prism Element) - - Community Edition + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62481,13 +62950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: AOS + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -62495,10 +62964,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - STS (including Prism Element) + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -62511,13 +62979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 6.0.2.4, available on the Portal for download. + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Beam + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -62540,13 +63008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: BeamGov + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -62569,13 +63037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 cves: cve-2021-4104: investigated: false @@ -62583,11 +63051,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62599,13 +63066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Calm Tunnel VM + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -62613,11 +63080,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62629,13 +63095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -62643,11 +63109,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62659,13 +63124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Collector Portal + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -62688,13 +63153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Data Lens + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -62717,13 +63182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Era + last_updated: '2021-12-16T00:00:00' + - vendor: MariaDB + product: '' cves: cve-2021-4104: investigated: false @@ -62731,11 +63196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62747,13 +63211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: File Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MathWorks + product: All MathWorks general release desktop or server products cves: cve-2021-4104: investigated: false @@ -62762,10 +63226,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.x - - 2.2.x - - 3.0+ + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -62779,14 +63240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigated in version 3.0.1 which is available on the Portal for download. - Mitigation is available [here](https://portal.nutanix.com/kb/12499) + - https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Files + last_updated: '2022-01-18T00:00:00' + - vendor: MathWorks + product: MATLAB cves: cve-2021-4104: investigated: false @@ -62810,13 +63270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow + last_updated: '2022-01-18T00:00:00' + - vendor: Matillion + product: Matillion ETL cves: cve-2021-4104: investigated: false @@ -62826,9 +63286,38 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - 1.59.10+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://documentation.matillion.com/docs/security-advisory-14th-december-2021 + notes: '' + references: + - '' + last_updated: '2022-11-01T00:00:00' + - vendor: Matomo + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62840,13 +63329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + - https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Flow Security Cental + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mattermost FocalBoard + product: '' cves: cve-2021-4104: investigated: false @@ -62869,13 +63358,41 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + - https://forum.mattermost.org/t/log4j-vulnerability-concern/12676 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: McAfee + product: Data Exchange Layer (DXL) Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Foundation + - vendor: McAfee + product: Data Loss Prevention (DLP) Discover cves: cve-2021-4104: investigated: false @@ -62883,11 +63400,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62898,14 +63414,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Frame + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Mac cves: cve-2021-4104: investigated: false @@ -62927,14 +63442,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FrameGov + - vendor: McAfee + product: Data Loss Prevention (DLP) Endpoint for Windows cves: cve-2021-4104: investigated: false @@ -62956,14 +63470,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: FSCVM + - vendor: McAfee + product: Data Loss Prevention (DLP) Monitor cves: cve-2021-4104: investigated: false @@ -62971,11 +63484,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -62986,14 +63498,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Insights + - vendor: McAfee + product: Data Loss Prevention (DLP) Prevent cves: cve-2021-4104: investigated: false @@ -63015,14 +63526,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon + - vendor: McAfee + product: Endpoint Security (ENS) for Linux cves: cve-2021-4104: investigated: false @@ -63030,9 +63540,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63045,14 +63554,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Karbon Platform Service + - vendor: McAfee + product: Endpoint Security (ENS) for Mac cves: cve-2021-4104: investigated: false @@ -63074,44 +63582,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: LCM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Leap + - vendor: McAfee + product: Endpoint Security (ENS) for Windows cves: cve-2021-4104: investigated: false @@ -63133,14 +63610,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Mine + - vendor: McAfee + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -63149,9 +63625,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -63164,13 +63640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Move + - vendor: McAfee + product: ePolicy Orchestrator Agent Handlers (ePO-AH) cves: cve-2021-4104: investigated: false @@ -63178,11 +63654,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63193,14 +63668,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: MSP + - vendor: McAfee + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -63209,9 +63683,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -63224,13 +63698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NCC + - vendor: McAfee + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -63238,11 +63712,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63253,14 +63726,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: NGT + - vendor: McAfee + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -63268,11 +63740,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63283,14 +63754,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Objects + - vendor: McAfee + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -63298,9 +63768,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63313,14 +63782,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Prism Central + - vendor: McAfee + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -63328,10 +63796,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -63343,14 +63810,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Patched in 2021-9.0.3, available on the Portal for download. + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Sizer + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -63372,14 +63838,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Volumes + - vendor: McAfee + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -63387,11 +63852,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63402,14 +63866,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: Witness VM + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -63417,9 +63880,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63432,14 +63894,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) + vendor_links: [] + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nutanix - product: X-Ray + - vendor: McAfee + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -63447,11 +63908,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -63462,14 +63922,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Nvidia - product: '' + - vendor: McAfee + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -63491,14 +63950,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: NXLog - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -63520,14 +63978,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Objectif Lune - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -63549,14 +64006,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OCLC - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -63578,14 +64034,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://oclc.service-now.com/status + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Octopus - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Manager (NSM) cves: cve-2021-4104: investigated: false @@ -63607,14 +64062,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://advisories.octopus.com/adv/December.2306508680.html + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Okta - product: Advanced Server Access + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Network Security Platform (NSP) cves: cve-2021-4104: investigated: false @@ -63636,14 +64090,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Access Gateway + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Policy Auditor cves: cve-2021-4104: investigated: false @@ -63665,14 +64118,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta AD Agent + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Threat Intelligence Exchange (TIE) cves: cve-2021-4104: investigated: false @@ -63695,13 +64147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell - notes: '' + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + notes: Latest status in linked Security Bulletin references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Browser Plugin + last_updated: '2021-12-20T00:00:00' + - vendor: McAfee + product: Web Gateway (MWG) cves: cve-2021-4104: investigated: false @@ -63724,13 +64176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta IWA Web Agent + last_updated: '2021-12-20T00:00:00' + - vendor: Medtronic + product: '' cves: cve-2021-4104: investigated: false @@ -63753,13 +64205,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta LDAP Agent + last_updated: '2021-12-21T00:00:00' + - vendor: MEINBERG + product: '' cves: cve-2021-4104: investigated: false @@ -63782,13 +64234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MEINBERG + product: LANTIME and microSync cves: cve-2021-4104: investigated: false @@ -63811,13 +64263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta On-Prem MFA Agent + last_updated: '2022-01-05T00:00:00' + - vendor: Meltano + product: Meltano cves: cve-2021-4104: investigated: false @@ -63825,9 +64277,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63841,13 +64292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 - notes: '' + - https://github.com/meltano/meltano + notes: Project is written in Python references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta RADIUS Server Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Memurai + product: '' cves: cve-2021-4104: investigated: false @@ -63855,9 +64306,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.17.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63871,13 +64321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://www.memurai.com/blog/apache-log4j2-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Verify + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -63885,9 +64335,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -63900,13 +64360,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Okta - product: Okta Workflows + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' + - vendor: Microsoft + product: Azure API Gateway cves: cve-2021-4104: investigated: false @@ -63929,13 +64389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Onespan - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -63958,13 +64418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Opengear - product: '' + - vendor: Microsoft + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -63972,8 +64432,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -63987,13 +64448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenMRS TALK - product: '' + - vendor: Microsoft + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -64001,8 +64462,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64016,13 +64478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenNMS - product: '' + - vendor: Microsoft + product: Azure DevOps cves: cve-2021-4104: investigated: false @@ -64045,13 +64507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenSearch - product: '' + - vendor: Microsoft + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -64059,8 +64521,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64074,13 +64537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OpenText - product: '' + - vendor: Microsoft + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -64103,13 +64566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.opentext.com/support/log4j-remote-code-execution-advisory + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microsoft + product: Team Foundation Server cves: cve-2021-4104: investigated: false @@ -64119,9 +64582,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g - fixed_versions: - - 4.3g + - 2018.2+ + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64134,13 +64596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Microstrategy + product: '' cves: cve-2021-4104: investigated: false @@ -64148,11 +64610,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64165,13 +64625,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Midori Global + product: '' cves: cve-2021-4104: investigated: false @@ -64179,11 +64639,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3g - fixed_versions: - - 4.3g + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64196,13 +64654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Mikrotik + product: '' cves: cve-2021-4104: investigated: false @@ -64210,11 +64668,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 3.3.2 - fixed_versions: - - 3.3.2 + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64227,12 +64683,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit - notes: The Log4j vulnerability affects all products running groov View software + - https://forum.mikrotik.com/viewtopic.php?p=897938 + notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Oracle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Milestone sys product: '' cves: cve-2021-4104: @@ -64256,14 +64712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://supportcommunity.milestonesys.com/s/article/Log4J-vulnerability-faq?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Enterprise Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mimecast + product: '' cves: cve-2021-4104: investigated: false @@ -64271,10 +64726,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '13.5' - - 13.4 & 13.3.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64288,15 +64741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://community.mimecast.com/s/article/Mimecast-Information-for-Customers-on-the-Log4Shell-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Oracle - product: Exadata + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Minecraft + product: '' cves: cve-2021-4104: investigated: false @@ -64304,9 +64755,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <21.3.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64320,14 +64770,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html - notes: Patch status and other security guidance is restricted to Oracle account/support - members. The support document is available to customers only and has not been - reviewed by CISA. + - https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Orgavision + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mirantis product: '' cves: cve-2021-4104: @@ -64351,13 +64799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j + - https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PAM + - vendor: Miro + product: '' cves: cve-2021-4104: investigated: false @@ -64380,13 +64828,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://miro.com/trust/updates/log4j/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PEM + - vendor: Mitel + product: '' cves: cve-2021-4104: investigated: false @@ -64409,13 +64857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Osirium - product: PPA + - vendor: MMM Group + product: Control software of all MMM series cves: cve-2021-4104: investigated: false @@ -64438,13 +64886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.osirium.com/blog/apache-log4j-vulnerability + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OTRS - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: MMM Group + product: RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server cves: cve-2021-4104: investigated: false @@ -64467,13 +64915,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.otrs.com/external + - https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OVHCloud - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: MongoDB + product: All other components of MongoDB Atlas (including Atlas Database, Data + Lake, Charts) cves: cve-2021-4104: investigated: false @@ -64496,13 +64945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OwnCloud - product: '' + - vendor: MongoDB + product: MongoDB Atlas Search cves: cve-2021-4104: investigated: false @@ -64525,13 +64974,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: OxygenXML - product: Author + - vendor: MongoDB + product: MongoDB Community Edition (including Community Server, Cloud Manager, + Community Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -64553,13 +65003,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Developer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Drivers cves: cve-2021-4104: investigated: false @@ -64581,13 +65032,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Editor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, + Enterprise Kubernetes Operators) cves: cve-2021-4104: investigated: false @@ -64609,13 +65062,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Content Fusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: cve-2021-4104: investigated: false @@ -64623,42 +65077,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '2.0' - - '3.0' - - '4.1' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen Feedback Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 1.4.4 & older - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -64669,13 +65091,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen License Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MongoDB + product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas + CLI, Database Connectors) cves: cve-2021-4104: investigated: false @@ -64683,9 +65107,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 to v24.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64698,13 +65121,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen PDF Chemistry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Moodle + product: '' cves: cve-2021-4104: investigated: false @@ -64712,12 +65136,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - v22.1 - - '23.0' - - '23.1' - - '24.0' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64730,13 +65150,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://moodle.org/mod/forum/discuss.php?d=429966 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Oxygen SDK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: MoogSoft + product: '' cves: cve-2021-4104: investigated: false @@ -64758,13 +65179,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Plugins (see advisory link) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Motorola Avigilon + product: '' cves: cve-2021-4104: investigated: false @@ -64786,41 +65208,46 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Publishing Engine + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: Web Author + last_updated: '2022-01-19T00:00:00' + - vendor: Mulesoft + product: '' cves: cve-2021-4104: investigated: false @@ -64842,13 +65269,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: OxygenXML - product: WebHelp + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Mulesoft + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -64856,8 +65285,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -64870,13 +65300,15 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' + vendor_links: + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PagerDuty - product: PagerDuty SaaS + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -64899,16 +65331,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability - notes: We currently see no evidence of compromises on our platform. Our teams - continue to monitor for new developments and for impacts on sub-processors and - dependent systems. PagerDuty SaaS customers do not need to take any additional - action for their PagerDuty SaaS environment + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Palantir - product: Palantir AI Inference Platform (AIP) + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -64917,9 +65347,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - 6.x + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64932,14 +65362,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: Fully remediated as of 1.97.0. Disconnected customer instances may require - manual updates. + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Apollo + last_updated: '2021-12-15T00:00:00' + - vendor: Mulesoft + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -64948,10 +65378,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.x + - 4.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -64963,13 +65394,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact, and updates have been deployed for full remediation. + - https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 + notes: This advisory is available to account holders only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Foundry + last_updated: '2021-12-15T00:00:00' + - vendor: N-able + product: '' cves: cve-2021-4104: investigated: false @@ -64977,10 +65409,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -64993,15 +65424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact to Palantir-hosted or Apollo-connected instances, and updates - have been deployed for full remediation. Disconnected customer instances may - require manual updates. + - https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palantir - product: Palantir Gotham + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nagios + product: '' cves: cve-2021-4104: investigated: false @@ -65009,10 +65438,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -65025,15 +65453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.palantir.com/security-advisories/log4j-vulnerability/ - notes: No impact to Palantir-hosted or Apollo-connected instances, and updates - have been deployed for full remediation. Disconnected customer instances may - require manual updates. + - https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Palo-Alto Networks - product: Bridgecrew + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NAKIVO + product: '' cves: cve-2021-4104: investigated: false @@ -65056,42 +65482,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: CloudGenix + - vendor: National Instruments + product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact + Technical Support references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex Data Lake + last_updated: '2022-01-05T00:00:00' + - vendor: Neo4j + product: Neo4j Graph Database cves: cve-2021-4104: investigated: false @@ -65099,8 +65529,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '>4.2' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65113,14 +65545,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex XDR Agent + last_updated: '2021-12-13T00:00:00' + - vendor: Netapp + product: Multiple NetApp products cves: cve-2021-4104: investigated: false @@ -65143,13 +65574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://security.netapp.com/advisory/ntap-20211210-0007/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex Xpanse + - vendor: Netcup + product: '' cves: cve-2021-4104: investigated: false @@ -65172,13 +65603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Cortex XSOAR + - vendor: NetGate PFSense + product: '' cves: cve-2021-4104: investigated: false @@ -65201,13 +65632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Expedition + - vendor: Netwrix + product: '' cves: cve-2021-4104: investigated: false @@ -65230,13 +65661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: GlobalProtect App + - vendor: New Relic + product: Containerized Private Minion (CPM) cves: cve-2021-4104: investigated: false @@ -65244,9 +65675,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -65259,13 +65691,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/ + notes: New Relic is in the process of revising guidance/documentation, however + the fix version remains sufficient. references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: IoT Security + - '[Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/)' + last_updated: '2021-12-18T00:00:00' + - vendor: New Relic + product: New Relic Java Agent cves: cve-2021-4104: investigated: false @@ -65273,8 +65706,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65288,13 +65722,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/ + notes: Initially fixed in 7.4.2, but additional vulnerability found references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Okyo Grade + - '[New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), + covers CVE-2021-44228, CVE-2021-45046' + last_updated: '2021-12-20T00:00:00' + - vendor: NextCloud + product: '' cves: cve-2021-4104: investigated: false @@ -65317,13 +65752,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Palo-Alto Networks-OS for Firewall and Wildfire + - vendor: Nextflow + product: Nextflow cves: cve-2021-4104: investigated: false @@ -65331,10 +65766,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -65346,13 +65782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://www.nextflow.io/docs/latest/index.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Palo-Alto Networks-OS for Panorama + last_updated: '2021-12-21T00:00:00' + - vendor: Nexus Group + product: '' cves: cve-2021-4104: investigated: false @@ -65360,11 +65796,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '9.0' - - '9.1' - - '10.0' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65378,15 +65811,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294 notes: '' references: - - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will - be updated when hot fixes for the affected Panorama versions are available. - PAN-OS for Panorama versions 8.1, 10.1 are not affected. - last_updated: '2021-12-15T00:00:00' - - vendor: Palo-Alto Networks - product: Prisma Access + - '' + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Nice Software (AWS) EnginFRAME + product: '' cves: cve-2021-4104: investigated: false @@ -65409,13 +65840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://download.enginframe.com/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Prisma Cloud + - vendor: NinjaRMM + product: '' cves: cve-2021-4104: investigated: false @@ -65438,13 +65869,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 - notes: '' + - https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j- + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: Prisma Cloud Compute + - vendor: Nomachine + product: '' cves: cve-2021-4104: investigated: false @@ -65467,13 +65899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://forums.nomachine.com/topic/apache-log4j-notification notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: SaaS Security + - vendor: NoviFlow + product: '' cves: cve-2021-4104: investigated: false @@ -65496,13 +65928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: User-ID Agent + - vendor: Nulab + product: Backlog cves: cve-2021-4104: investigated: false @@ -65510,9 +65942,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -65525,13 +65958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: WildFire Appliance + - vendor: Nulab + product: Backlog Enterprise (On-premises) cves: cve-2021-4104: investigated: false @@ -65539,9 +65972,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.11.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -65554,13 +65988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Palo-Alto Networks - product: WildFire Cloud + - vendor: Nulab + product: Cacoo cves: cve-2021-4104: investigated: false @@ -65568,9 +66002,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A (SaaS) unaffected_versions: [] cve-2021-45046: investigated: false @@ -65583,76 +66018,76 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security.paloaltonetworks.com/CVE-2021-44228 + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Panasonic - product: KX-HDV100 + - vendor: Nulab + product: Cacoo Enterprise (On-premises) cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - < 4.0.4 + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV130 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nulab + product: Typetalk cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - N/A (SaaS) + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://nulab.com/blog/company-news/log4shell/ notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV230 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Nutanix + product: AHV cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -65663,26 +66098,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV330 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -65691,118 +66126,117 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - LTS (including Prism Element) + - Community Edition cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV340 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: AOS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - STS (including Prism Element) + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 6.0.2.4, available on the Portal for download. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV430 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Beam cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-HDV800 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: BeamGov cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP500 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -65813,26 +66247,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP550 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Calm Tunnel VM cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -65843,26 +66277,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP600 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -65873,86 +66307,84 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-TGP700 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Collector Portal cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UDS124 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Data Lens cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT113 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Era cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -65963,56 +66395,59 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT123 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: File Analytics cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.x + - 2.2.x + - 3.0+ fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigated in version 3.0.1 which is available on the Portal for download. + Mitigation is available [here](https://portal.nutanix.com/kb/12499) references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT133 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Files cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -66023,26 +66458,26 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT136 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -66053,56 +66488,55 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT248 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Flow Security Cental cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panasonic - product: KX-UT670 + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Foundation cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -66113,23 +66547,23 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-20T00:00:00' - - vendor: Panopto - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Frame cves: cve-2021-4104: investigated: false @@ -66152,13 +66586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PaperCut - product: PaperCut MF + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FrameGov cves: cve-2021-4104: investigated: false @@ -66166,9 +66600,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 21.0 and later + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66182,15 +66615,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: PaperCut - product: PaperCut NG + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: FSCVM cves: cve-2021-4104: investigated: false @@ -66199,10 +66630,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.0 and later + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66214,15 +66645,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Parallels - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Insights cves: cve-2021-4104: investigated: false @@ -66245,13 +66674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.parallels.com/en/128696 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Parse.ly - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon cves: cve-2021-4104: investigated: false @@ -66259,8 +66688,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66274,13 +66704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.parse.ly/parse-ly-log4shell/ - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12483) references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PBXMonitor - product: RMM for 3CX PBX + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Karbon Platform Service cves: cve-2021-4104: investigated: false @@ -66303,14 +66733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pbxmonitor.net/changelog.php - notes: Mirror Servers were also checked to ensure Log4J was not installed or being - used by any of our systems. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Pega - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: LCM cves: cve-2021-4104: investigated: false @@ -66318,10 +66747,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66333,13 +66763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pentaho - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Leap cves: cve-2021-4104: investigated: false @@ -66362,13 +66792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pepperl+Fuchs - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Mine cves: cve-2021-4104: investigated: false @@ -66376,8 +66806,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66391,13 +66822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pepperl-fuchs.com/global/en/29079.htm - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12484) references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Percona - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Move cves: cve-2021-4104: investigated: false @@ -66405,10 +66836,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66420,13 +66852,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.percona.com/blog/log4jshell-vulnerability-update/ + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pexip - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: MSP cves: cve-2021-4104: investigated: false @@ -66434,8 +66866,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66449,13 +66882,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Phenix Id - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NCC cves: cve-2021-4104: investigated: false @@ -66463,10 +66896,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66478,13 +66912,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.phenixid.se/uncategorized/log4j-fix/ + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Philips - product: Multiple products + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: NGT cves: cve-2021-4104: investigated: false @@ -66492,10 +66926,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66507,13 +66942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.philips.com/a-w/security/security-advisories.html + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PHOENIX CONTACT - product: Cloud Services + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Objects cves: cve-2021-4104: investigated: false @@ -66521,8 +66956,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66536,13 +66972,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: Partly affected. Remediations are being implemented. + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12482) references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Physical products containing firmware + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Prism Central cves: cve-2021-4104: investigated: false @@ -66550,9 +66986,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -66565,13 +67002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Patched in 2021-9.0.3, available on the Portal for download. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Software Products + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Sizer cves: cve-2021-4104: investigated: false @@ -66594,13 +67031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Saas-Based Procuct. See Advisory. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Ping Identity - product: PingAccess + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Volumes cves: cve-2021-4104: investigated: false @@ -66609,10 +67046,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0 <= version <= 6.3.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66624,13 +67061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingCentral + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: Witness VM cves: cve-2021-4104: investigated: false @@ -66638,8 +67075,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66653,13 +67091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 - notes: '' + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf + notes: Mitigation is available [here](https://portal.nutanix.com/kb/12491) references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate + last_updated: '2021-12-20T00:00:00' + - vendor: Nutanix + product: X-Ray cves: cve-2021-4104: investigated: false @@ -66668,10 +67106,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0 <= version <= 10.3.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -66683,13 +67121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate Java Integration Kit + last_updated: '2021-12-20T00:00:00' + - vendor: Nvidia + product: '' cves: cve-2021-4104: investigated: false @@ -66697,9 +67135,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.7.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66713,13 +67150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://nvidia.custhelp.com/app/answers/detail/a_id/5294 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate OAuth Playground + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: NXLog + product: '' cves: cve-2021-4104: investigated: false @@ -66727,9 +67164,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 4.3.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66743,13 +67179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingIntelligence + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Objectif Lune + product: '' cves: cve-2021-4104: investigated: false @@ -66772,12 +67208,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pitney Bowes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OCLC product: '' cves: cve-2021-4104: @@ -66801,12 +67237,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + - https://oclc.service-now.com/status notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planmeca + - vendor: Octopus product: '' cves: cve-2021-4104: @@ -66830,13 +67266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + - https://advisories.octopus.com/adv/December.2306508680.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planon Software - product: '' + - vendor: Okta + product: Advanced Server Access cves: cve-2021-4104: investigated: false @@ -66859,14 +67295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Platform.SH - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Access Gateway cves: cve-2021-4104: investigated: false @@ -66889,13 +67324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plesk - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta AD Agent cves: cve-2021-4104: investigated: false @@ -66918,13 +67353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plex - product: Plex Industrial IoT + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Browser Plugin cves: cve-2021-4104: investigated: false @@ -66947,14 +67382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://sec.okta.com/articles/2021/12/log4shell + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Polycom - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta IWA Web Agent cves: cve-2021-4104: investigated: false @@ -66977,13 +67411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Portainer - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta LDAP Agent cves: cve-2021-4104: investigated: false @@ -67006,13 +67440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PortSwigger - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Mobile cves: cve-2021-4104: investigated: false @@ -67035,13 +67469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PostGreSQL - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -67049,10 +67483,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 1.4.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta RADIUS Server Agent + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.17.0 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67064,13 +67529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Postman - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -67093,13 +67558,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Power Admin LLC - product: PA File Sight + last_updated: '2021-12-12T00:00:00' + - vendor: Okta + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -67107,11 +67572,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - NONE + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67122,13 +67586,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Server Monitor + last_updated: '2021-12-12T00:00:00' + - vendor: Onespan + product: '' cves: cve-2021-4104: investigated: false @@ -67136,11 +67601,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - NONE + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67151,13 +67615,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Storage Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Opengear + product: '' cves: cve-2021-4104: investigated: false @@ -67165,11 +67630,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - NONE + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67180,12 +67644,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Pretix + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: OpenMRS TALK product: '' cves: cve-2021-4104: @@ -67209,12 +67674,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pretix.eu/about/de/blog/20211213-log4j/ + - https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PrimeKey + - vendor: OpenNMS product: '' cves: cve-2021-4104: @@ -67238,12 +67703,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + - https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Progress / IpSwitch + - vendor: OpenSearch product: '' cves: cve-2021-4104: @@ -67267,12 +67732,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.progress.com/security + - https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProofPoint + - vendor: OpenText product: '' cves: cve-2021-4104: @@ -67296,14 +67761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://www.opentext.com/support/log4j-remote-code-execution-advisory + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProSeS - product: '' + last_updated: '2021-12-23T00:00:00' + - vendor: Opto 22 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -67311,10 +67775,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-AT1, GROOV-AT1-SNAP + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67326,13 +67823,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Prosys - product: '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -67340,10 +67837,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - < 4.3g + fixed_versions: + - 4.3g + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Opto 22 + product: GRV-EPIC-PR1, GRV-EPIC-PR2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 3.3.2 + fixed_versions: + - 3.3.2 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -67355,12 +67885,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://prosysopc.com/news/important-security-release/ - notes: '' + - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit + notes: The Log4j vulnerability affects all products running groov View software references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Proxmox + last_updated: '2022-01-13T00:00:00' + - vendor: Oracle product: '' cves: cve-2021-4104: @@ -67384,42 +67914,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PRTG Paessler - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PTC - product: Axeda Platform + last_updated: '2021-12-17T00:00:00' + - vendor: Oracle + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -67429,7 +67931,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 6.9.2 + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67443,13 +67946,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358990 - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Analytics + - vendor: Oracle + product: Exadata cves: cve-2021-4104: investigated: false @@ -67459,11 +67964,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67477,13 +67978,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 - notes: '' + - https://www.oracle.com/security-alerts/alert-cve-2021-44228.html + notes: Patch status and other security guidance is restricted to Oracle account/support + members. The support document is available to customers only and has not been + reviewed by CISA. references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Platform + - vendor: Orgavision + product: '' cves: cve-2021-4104: investigated: false @@ -67491,13 +67994,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67511,13 +68009,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTV Group - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Osirium + product: PAM cves: cve-2021-4104: investigated: false @@ -67540,13 +68038,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Connect Secure (ICS) + - vendor: Osirium + product: PEM cves: cve-2021-4104: investigated: false @@ -67569,13 +68067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + - vendor: Osirium + product: PPA cves: cve-2021-4104: investigated: false @@ -67598,13 +68096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://www.osirium.com/blog/apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + - vendor: OTRS + product: '' cves: cve-2021-4104: investigated: false @@ -67627,13 +68125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://portal.otrs.com/external notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + - vendor: OVHCloud + product: '' cves: cve-2021-4104: investigated: false @@ -67656,13 +68154,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + - vendor: OwnCloud + product: '' cves: cve-2021-4104: investigated: false @@ -67685,13 +68183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Connect Secure + - vendor: OxygenXML + product: Author cves: cve-2021-4104: investigated: false @@ -67713,14 +68211,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Desktop Client + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Developer cves: cve-2021-4104: investigated: false @@ -67742,14 +68239,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Mobile Client + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Editor cves: cve-2021-4104: investigated: false @@ -67771,14 +68267,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse One + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Content Fusion cves: cve-2021-4104: investigated: false @@ -67786,8 +68281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2.0' + - '3.0' + - '4.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67800,14 +68298,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Policy Secure + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen Feedback Enterprise cves: cve-2021-4104: investigated: false @@ -67815,8 +68312,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.4.4 & older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67829,14 +68327,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Services Director + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen License Server cves: cve-2021-4104: investigated: false @@ -67844,8 +68341,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v22.1 to v24.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67858,14 +68356,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Virtual Traffic Manager + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen PDF Chemistry cves: cve-2021-4104: investigated: false @@ -67873,8 +68370,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v22.1 + - '23.0' + - '23.1' + - '24.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67887,14 +68388,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse Secure Web Application Firewall + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Oxygen SDK cves: cve-2021-4104: investigated: false @@ -67916,14 +68416,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse ZTA + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Plugins (see advisory link) cves: cve-2021-4104: investigated: false @@ -67945,14 +68444,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Puppet - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Publishing Engine cves: cve-2021-4104: investigated: false @@ -67974,14 +68472,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ - notes: '' + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: Web Author cves: cve-2021-4104: investigated: false @@ -68003,15 +68500,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) - notes: This advisory is available for customers only and has not been reviewed - by CISA + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: Cloud Blockstore + last_updated: '2021-12-17T00:00:00' + - vendor: OxygenXML + product: WebHelp cves: cve-2021-4104: investigated: false @@ -68019,10 +68514,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - CBS6.1.x - - CBS6.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68035,14 +68528,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/27/2021 + vendor_links: [] + notes: '[https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html)' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: Flash Array + last_updated: '2021-12-17T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS cves: cve-2021-4104: investigated: false @@ -68050,12 +68542,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.3.x - - 6.0.x - - 6.1.x - - 6.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68069,13 +68557,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/20/2021 + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: FlashBlade + last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) cves: cve-2021-4104: investigated: false @@ -68084,11 +68575,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.1.x - - 3.2.x - - 3.3.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -68101,13 +68590,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/24/2021 + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: PortWorx + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo cves: cve-2021-4104: investigated: false @@ -68116,10 +68606,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.8.0+ + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -68131,13 +68621,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pure Storage - product: Pure1 + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry cves: cve-2021-4104: investigated: false @@ -68148,7 +68638,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - N/A + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -68161,13 +68651,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pyramid Analytics - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham cves: cve-2021-4104: investigated: false @@ -68175,9 +68667,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -68190,13 +68683,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QF-Test - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew cves: cve-2021-4104: investigated: false @@ -68219,13 +68714,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Qlik - product: '' + - vendor: Palo-Alto Networks + product: CloudGenix cves: cve-2021-4104: investigated: false @@ -68248,13 +68743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QMATIC - product: Appointment Booking + - vendor: Palo-Alto Networks + product: Cortex Data Lake cves: cve-2021-4104: investigated: false @@ -68262,41 +68757,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.4+ - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 - references: - - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Appointment Booking - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - Cloud/Managed Service - fixed_versions: [] - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68308,13 +68772,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Insights + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent cves: cve-2021-4104: investigated: false @@ -68322,9 +68786,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Cloud + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68338,13 +68801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-16 + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse cves: cve-2021-4104: investigated: false @@ -68352,11 +68815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68368,13 +68830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QNAP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR cves: cve-2021-4104: investigated: false @@ -68397,13 +68859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QOPPA - product: '' + - vendor: Palo-Alto Networks + product: Expedition cves: cve-2021-4104: investigated: false @@ -68426,13 +68888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QSC Q-SYS - product: '' + - vendor: Palo-Alto Networks + product: GlobalProtect App cves: cve-2021-4104: investigated: false @@ -68455,13 +68917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: QT - product: '' + - vendor: Palo-Alto Networks + product: IoT Security cves: cve-2021-4104: investigated: false @@ -68484,13 +68946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Palo-Alto Networks + product: Okyo Grade cves: cve-2021-4104: investigated: false @@ -68513,13 +68975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: R - product: R + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire cves: cve-2021-4104: investigated: false @@ -68527,11 +68989,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 4.1.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68543,13 +69004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.r-project.org/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: R2ediviewer - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama cves: cve-2021-4104: investigated: false @@ -68557,8 +69018,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '9.0' + - '9.1' + - '10.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68572,13 +69036,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Radware - product: '' + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access cves: cve-2021-4104: investigated: false @@ -68601,13 +69067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.radware.com/app/answers/answer_view/a_id/1029752 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rapid7 - product: AlcidekArt, kAdvisor, and kAudit + - vendor: Palo-Alto Networks + product: Prisma Cloud cves: cve-2021-4104: investigated: false @@ -68615,11 +69081,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68631,13 +69096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: AppSpider Enterprise + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute cves: cve-2021-4104: investigated: false @@ -68645,11 +69110,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68661,13 +69125,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: AppSpider Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security cves: cve-2021-4104: investigated: false @@ -68675,11 +69139,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68691,13 +69154,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Insight Agent + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent cves: cve-2021-4104: investigated: false @@ -68705,11 +69168,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68721,13 +69183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightAppSec Scan Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance cves: cve-2021-4104: investigated: false @@ -68735,11 +69197,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68751,13 +69212,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightAppSec Scan Engine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud cves: cve-2021-4104: investigated: false @@ -68765,11 +69226,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - on-prem + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -68781,16 +69241,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightCloudSec/DivvyCloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panasonic + product: KX-HDV100 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -68799,28 +69259,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightConnect Orchestrator + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -68829,28 +69289,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightIDR Network Sensor + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -68859,28 +69319,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightIDR/InsightOps Collector & Event Sources + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -68889,59 +69349,58 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps DataHub + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - InsightOps DataHub <= 2.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) - using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps non-Java logging libraries + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -68950,58 +69409,58 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightOps r7insight_java logging library + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.0.8 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM Kubernetes Monitor + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69010,28 +69469,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69040,28 +69499,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose Console + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69070,30 +69529,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” - packaged in them. This is a different library than log4j-core and is not vulnerable - to Log4Shell. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: InsightVM/Nexpose Engine + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69102,30 +69559,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” - packaged in them. This is a different library than log4j-core and is not vulnerable - to Log4Shell. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: IntSights virtual appliance + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69134,91 +69589,88 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Logentries DataHub + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). - Windows: Run version 1.2.0.822 in a Docker container or as a Java command per - these [instructions](https://docs.logentries.com/docs/datahub-windows). You - can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Logentries le_java logging library + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'All versions: this is a deprecated component' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Metasploit Framework + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69227,28 +69679,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Metasploit Pro + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69257,30 +69709,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 - notes: Metasploit Pro ships with log4j but has specific configurations applied - to it that mitigate Log4Shell. A future update will contain a fully patched - version of log4j. + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: tCell Java Agent + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69289,28 +69739,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rapid7 - product: Velociraptor + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -69319,24 +69769,24 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - on-prem + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Raritan + last_updated: '2022-01-20T00:00:00' + - vendor: Panopto product: '' cves: cve-2021-4104: @@ -69360,13 +69810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.raritan.com/support + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ravelin - product: '' + - vendor: PaperCut + product: PaperCut MF cves: cve-2021-4104: investigated: false @@ -69374,8 +69824,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.0 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69389,13 +69840,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b - notes: '' + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Real-Time Innovations (RTI) - product: Distributed Logger + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG cves: cve-2021-4104: investigated: false @@ -69403,8 +69856,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 21.0 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69418,13 +69872,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: Recording Console + - vendor: Parallels + product: '' cves: cve-2021-4104: investigated: false @@ -69447,13 +69903,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://kb.parallels.com/en/128696 notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Administration Console + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: '' cves: cve-2021-4104: investigated: false @@ -69476,13 +69932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://blog.parse.ly/parse-ly-log4shell/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Code Generator + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX cves: cve-2021-4104: investigated: false @@ -69505,13 +69961,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products - notes: '' + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Code Generator Server + last_updated: '2021-12-22T00:00:00' + - vendor: Pega + product: '' cves: cve-2021-4104: investigated: false @@ -69534,13 +69991,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Micro Application Generator (MAG) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: '' cves: cve-2021-4104: investigated: false @@ -69548,12 +70005,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - as part of RTI Connext Micro 3.0.0 - - 3.0.1 - - 3.0.2 - - 3.0.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69567,13 +70020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Micro Application Generator (MAG) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: '' cves: cve-2021-4104: investigated: false @@ -69581,9 +70034,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - as part of RTI Connext Professional 6.0.0 and 6.0.1 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69597,13 +70049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.pepperl-fuchs.com/global/en/29079.htm notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Real-Time Innovations (RTI) - product: RTI Monitor + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: '' cves: cve-2021-4104: investigated: false @@ -69626,13 +70078,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + - https://www.percona.com/blog/log4jshell-vulnerability-update/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Red Hat - product: log4j-core + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: '' cves: cve-2021-4104: investigated: false @@ -69655,13 +70107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Integration Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: '' cves: cve-2021-4104: investigated: false @@ -69684,13 +70136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat build of Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Multiple products cves: cve-2021-4104: investigated: false @@ -69713,13 +70165,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.philips.com/a-w/security/security-advisories.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat CodeReady Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -69727,10 +70179,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 12.21.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69743,13 +70194,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Data Grid + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware cves: cve-2021-4104: investigated: false @@ -69757,10 +70208,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '8' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69773,13 +70223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Decision Manager + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products cves: cve-2021-4104: investigated: false @@ -69787,11 +70237,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69803,13 +70252,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess cves: cve-2021-4104: investigated: false @@ -69818,10 +70267,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 4.0 <= version <= 6.3.2 fixed_versions: [] - unaffected_versions: - - '6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69833,13 +70282,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral cves: cve-2021-4104: investigated: false @@ -69847,11 +70296,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69863,13 +70311,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Enterprise Linux + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate cves: cve-2021-4104: investigated: false @@ -69878,10 +70326,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.0 <= version <= 10.3.4 fixed_versions: [] - unaffected_versions: - - '8' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69893,13 +70341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat Integration Camel Quarkus + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit cves: cve-2021-4104: investigated: false @@ -69907,8 +70355,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.7.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69922,13 +70371,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss A-MQ Streaming + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground cves: cve-2021-4104: investigated: false @@ -69936,8 +70385,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 4.3.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69951,13 +70401,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Enterprise Application Platform + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence cves: cve-2021-4104: investigated: false @@ -69965,10 +70415,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69981,15 +70430,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ - \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ - \ affected." + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Enterprise Application Platform Expansion Pack + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' cves: cve-2021-4104: investigated: false @@ -69997,11 +70444,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70013,13 +70459,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Red Hat - product: Red Hat JBoss Fuse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: '' cves: cve-2021-4104: investigated: false @@ -70027,10 +70473,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70043,13 +70488,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Process Automation + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: '' cves: cve-2021-4104: investigated: false @@ -70057,10 +70502,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '7' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70073,15 +70517,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ - \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ - \ affected." + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Single Sign-On + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: '' cves: cve-2021-4104: investigated: false @@ -70089,11 +70532,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70105,13 +70547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Red Hat Vert.X + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: '' cves: cve-2021-4104: investigated: false @@ -70119,10 +70561,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '4' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70135,13 +70576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Satellite 5 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT cves: cve-2021-4104: investigated: false @@ -70164,13 +70605,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat - product: Spacewalk + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom + product: '' cves: cve-2021-4104: investigated: false @@ -70193,13 +70635,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 3.11 - product: openshift3/ose-logging-elasticsearch5 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: '' cves: cve-2021-4104: investigated: false @@ -70222,13 +70664,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-logging-elasticsearch6 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: '' cves: cve-2021-4104: investigated: false @@ -70251,14 +70693,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-metering-hive + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL + product: '' cves: cve-2021-4104: investigated: false @@ -70281,14 +70722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Container Platform 4 - product: openshift4/ose-metering-presto + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: '' cves: cve-2021-4104: investigated: false @@ -70311,14 +70751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenShift Logging - product: logging-elasticsearch6-container + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight cves: cve-2021-4104: investigated: false @@ -70326,10 +70765,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -70340,15 +70780,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: Please refer to Red Hat Customer Portal to find the right errata for your - version. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat OpenStack Platform 13 (Queens) - product: opendaylight + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor cves: cve-2021-4104: investigated: false @@ -70356,10 +70794,40 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -70370,14 +70838,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 - notes: End of Life + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-java-common-log4j + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' cves: cve-2021-4104: investigated: false @@ -70400,13 +70867,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://pretix.eu/about/de/blog/20211213-log4j/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-maven35-log4j12 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: '' cves: cve-2021-4104: investigated: false @@ -70429,13 +70896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red Hat Software Collections - product: rh-maven36-log4j12 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress / IpSwitch + product: '' cves: cve-2021-4104: investigated: false @@ -70458,12 +70925,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://access.redhat.com/security/cve/cve-2021-44228 + - https://www.progress.com/security notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Red5Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint product: '' cves: cve-2021-4104: @@ -70487,12 +70954,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ - notes: '' + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RedGate + - vendor: ProSeS product: '' cves: cve-2021-4104: @@ -70516,12 +70984,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Redis + - vendor: Prosys product: '' cves: cve-2021-4104: @@ -70545,12 +71013,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + - https://prosysopc.com/news/important-security-release/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Reiner SCT + - vendor: Proxmox product: '' cves: cve-2021-4104: @@ -70574,12 +71042,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ReportURI + - vendor: PRTG Paessler product: '' cves: cve-2021-4104: @@ -70603,13 +71071,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ResMed - product: AirView + - vendor: PTC + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -70617,10 +71085,45 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70632,13 +71135,47 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.resmed.com/en-us/security/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: ResMed - product: myAir + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' cves: cve-2021-4104: investigated: false @@ -70661,13 +71198,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.resmed.com/en-us/security/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Respondus - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) cves: cve-2021-4104: investigated: false @@ -70690,14 +71227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Revenera / Flexera - product: '' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -70720,13 +71256,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ricoh - product: '' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -70749,13 +71285,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ricoh.com/info/2021/1215_1/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RingCentral - product: '' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -70778,13 +71314,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ringcentral.com/trust-center/security-bulletin.html + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Riverbed - product: '' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -70807,13 +71343,333 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rockwell Automation - product: FactoryTalk Analytics DataFlowML + - vendor: Pulse Secure + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore cves: cve-2021-4104: investigated: false @@ -70823,7 +71679,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.00.00 + - CBS6.1.x + - CBS6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70837,13 +71694,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: FactoryTalk Analytics DataView + - vendor: Pure Storage + product: Flash Array cves: cve-2021-4104: investigated: false @@ -70853,7 +71710,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.03.00 + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70867,13 +71727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: Industrial Data Center + - vendor: Pure Storage + product: FlashBlade cves: cve-2021-4104: investigated: false @@ -70882,12 +71742,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Gen 1 - - Gen 2 - - Gen 3 - - Gen 3.5 + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -70900,13 +71759,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: MES EIG + - vendor: Pure Storage + product: PortWorx cves: cve-2021-4104: investigated: false @@ -70916,7 +71775,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.03.00 + - 2.8.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70930,14 +71789,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: Customers should upgrade to EIG Hub if possible or work with their local - representatives about alternative solutions. + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: VersaVirtual + - vendor: Pure Storage + product: Pure1 cves: cve-2021-4104: investigated: false @@ -70948,7 +71806,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Series A + - N/A unaffected_versions: [] cve-2021-45046: investigated: false @@ -70961,13 +71819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Rockwell Automation - product: Warehouse Management + - vendor: Pyramid Analytics + product: '' cves: cve-2021-4104: investigated: false @@ -70975,12 +71833,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.01.00 - - 4.02.00 - - 4.02.01 - - 4.02.02 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70994,13 +71848,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Rollbar - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: QF-Test + product: All cves: cve-2021-4104: investigated: false @@ -71023,13 +71907,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rosette.com - product: '' + - vendor: Qlik + product: AIS, including ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility cves: cve-2021-4104: investigated: false @@ -71037,10 +71951,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71052,13 +71997,5092 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: QMATIC + product: Appointment Booking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.4+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: Update to v. 2.8.2 which contains log4j 2.16 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Appointment Booking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud/Managed Service + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-16 + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Orchestra Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.0+ + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: QNAP + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOPPA + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QSC Q-SYS + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QT + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: R + product: R + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.1.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.r-project.org/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.radware.com/app/answers/answer_view/a_id/1029752 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.0.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.raritan.com/support + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.21.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ricoh.com/info/2021/1215_1/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ringcentral.com/trust-center/security-bulletin.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.00.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Series A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '0.13' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/rstudio/rstudioapi + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.1 to 6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ruckuswireless.com/security_bulletins/313 + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Runecast + product: Runecast Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.0.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.runecast.com/release-notes + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAE-IT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAFE FME Server + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAGE + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SailPoint + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Salesforce + product: Analytics Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: B2C Commerce Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (As-a-Service) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: ClickSoftware (On-Premise) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Data.com + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: DataLoader + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=53.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '>=53.0.2' + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Datorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Evergage (Interaction Studio) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Experience (Community) Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Force.com + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Heroku + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Marketing Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (Cloud) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: MuleSoft (On-Premise) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Pardot + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Sales Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Service Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Slack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Social Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Salesforce + product: Tableau (On-Premise) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2021.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Salesforce + product: Tableau (Online) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-26T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -71066,27 +77090,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager Prime + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -71094,27 +77121,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Authentication Manager WebTier + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -71122,27 +77152,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Governance and Lifecycle + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -71150,27 +77183,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Governance and Lifecycle Cloud + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) cves: cve-2021-4104: investigated: false @@ -71178,27 +77214,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA - product: SecurID Identity Router + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -71206,27 +77245,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: RSA Netwitness - product: '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -71234,14 +77276,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45105: investigated: false @@ -71249,13 +77293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Rstudioapi - product: Rstudioapi + last_updated: '2022-01-17T00:00:00' + - vendor: Sangoma + product: '' cves: cve-2021-4104: investigated: false @@ -71263,11 +77307,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '0.13' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71279,12 +77322,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/rstudio/rstudioapi + - https://help.sangoma.com/community/s/article/Log4Shell notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Rubrik + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAP product: '' cves: cve-2021-4104: @@ -71308,14 +77351,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ruckus - product: Virtual SmartZone (vSZ) + last_updated: '2021-12-17T00:00:00' + - vendor: SAP Advanced Platform + product: '' cves: cve-2021-4104: investigated: false @@ -71323,9 +77366,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.1 to 6.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71339,12 +77381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.ruckuswireless.com/security_bulletins/313 - notes: '' + - https://launchpad.support.sap.com/#/notes/3130698 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: RunDeck by PagerDuty + last_updated: '2021-12-17T00:00:00' + - vendor: SAP BusinessObjects product: '' cves: cve-2021-4104: @@ -71368,13 +77411,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.rundeck.com/docs/history/CVEs/ - notes: '' + - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ + notes: The support document is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Runecast - product: Runecast Analyzer + last_updated: '2021-12-17T00:00:00' + - vendor: SAS + product: '' cves: cve-2021-4104: investigated: false @@ -71382,10 +77426,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 6.0.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71398,12 +77441,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.runecast.com/release-notes + - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAE-IT + - vendor: SASSAFRAS product: '' cves: cve-2021-4104: @@ -71427,12 +77470,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html + - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAFE FME Server + - vendor: Savignano software solutions product: '' cves: cve-2021-4104: @@ -71456,13 +77499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j + - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAGE - product: '' + - vendor: SBT + product: SBT cves: cve-2021-4104: investigated: false @@ -71470,8 +77513,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <1.5.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -71485,12 +77529,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 + - https://github.com/sbt/sbt/releases/tag/v1.5.7 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SailPoint + last_updated: '2021-12-15T00:00:00' + - vendor: ScaleComputing product: '' cves: cve-2021-4104: @@ -71514,14 +77558,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 + - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability notes: This advisory is available to customers only and has not been reviewed by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Salesforce - product: Analytics Cloud + - vendor: ScaleFusion MobileLock Pro + product: '' cves: cve-2021-4104: investigated: false @@ -71529,16 +77573,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71546,15 +77588,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: B2C Commerce Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Schneider Electric + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -71563,15 +77603,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71579,15 +77618,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: ClickSoftware (As-a-Service) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -71596,15 +77633,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71612,15 +77648,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: ClickSoftware (On-Premise) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -71631,30 +77665,25 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional - details are available here. + vendor_links: [] + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Data.com + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -71665,13 +77694,12 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71679,15 +77707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: DataLoader + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -71696,15 +77722,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '>=53.0.2' + affected_versions: + - V3.0.2 and prior + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '>=53.0.2' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71712,15 +77737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 - notes: This version is for use with Salesforce Winter '22 or higher release through - Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for - CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Datorama + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -71731,13 +77754,12 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - Cloud unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71745,15 +77767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Evergage (Interaction Studio) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: MSE cves: cve-2021-4104: investigated: false @@ -71762,15 +77782,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71778,15 +77797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Experience (Community) Cloud + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -71795,15 +77812,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Software versions 5.0 through 5.3.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71811,15 +77827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Force.com + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NEW630 cves: cve-2021-4104: investigated: false @@ -71828,15 +77842,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71844,18 +77857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been - patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Make sure that you are using Data Loader version 53.0.2 or later. Follow the - steps described here to download the latest version of Data Loader. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Heroku + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -71864,30 +77872,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Heroku is reported to not be affected by the issues currently identified - in CVE-2021-44228 or CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Marketing Cloud + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-Docgen cves: cve-2021-4104: investigated: false @@ -71896,15 +77902,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71912,16 +77917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Salesforce-owned services within Marketing Cloud are not affected by the - issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party - vendors have been patched to address the security issues currently identified - in CVE-2021-44228 or CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: MuleSoft (Cloud) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -71930,15 +77932,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71946,16 +77947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft - services, including dataloader.io, have been updated to mitigate the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional - details here. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: MuleSoft (On-Premise) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -71964,15 +77962,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -71980,17 +77977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors, including Private Cloud Edition - (PCE) and Anypoint Studio, have a mitigation in place to address the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional - details here. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Pardot + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -71999,15 +77992,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72015,15 +78007,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Sales Cloud + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -72032,15 +78022,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72048,15 +78037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Service Cloud + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -72065,15 +78052,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72081,15 +78067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Slack + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-API cves: cve-2021-4104: investigated: false @@ -72098,15 +78082,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72114,16 +78097,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are - available here. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Social Studio + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -72132,15 +78112,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72148,15 +78127,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned - services and third-party vendors have been patched to address the issues currently - identified in CVE-2021-44228 and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Salesforce - product: Tableau (On-Premise) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -72165,9 +78142,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - < 2021.4.1 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -72180,16 +78157,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Patches to address the issues currently identified in both CVE-2021-44228 and - CVE-2021-45046 are available for download. Additional details are available - here. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Salesforce - product: Tableau (Online) + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -72198,15 +78172,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - All + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72214,15 +78187,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services - have been patched to mitigate the issues currently identified in both CVE-2021-44228 - and CVE-2021-45046. + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' references: - '' - last_updated: '2022-01-26T00:00:00' - - vendor: Samsung Electronics America - product: Knox Admin Portal + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEditor cves: cve-2021-4104: investigated: false @@ -72231,29 +78202,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Asset Intelligence + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -72262,29 +78232,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current software and earlier fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Configure + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -72294,28 +78263,26 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox E-FOTA One + last_updated: '2021-12-20T00:00:00' + - vendor: Schweitzer Engineering Laboratories + product: '' cves: cve-2021-4104: investigated: false @@ -72323,30 +78290,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://selinc.com/support/security-notifications/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Guard + last_updated: '2021-12-21T00:00:00' + - vendor: SCM Manager + product: '' cves: cve-2021-4104: investigated: false @@ -72354,30 +78319,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox License Management + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScreenBeam + product: '' cves: cve-2021-4104: investigated: false @@ -72385,30 +78348,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Manage + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SDL worldServer + product: '' cves: cve-2021-4104: investigated: false @@ -72416,16 +78377,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72433,13 +78392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Managed Services Provider (MSP) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Seagull Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -72447,30 +78406,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SecurePoint + product: '' cves: cve-2021-4104: investigated: false @@ -72478,30 +78435,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Reseller Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Security Onion + product: '' cves: cve-2021-4104: investigated: false @@ -72509,16 +78464,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -72526,13 +78479,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Sangoma - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Securonix + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -72540,8 +78493,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72555,13 +78509,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sangoma.com/community/s/article/Log4Shell - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SAP - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Next Gen SIEM cves: cve-2021-4104: investigated: false @@ -72569,8 +78523,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72584,14 +78539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP Advanced Platform - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -72599,8 +78553,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72614,14 +78569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchpad.support.sap.com/#/notes/3130698 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP BusinessObjects - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -72644,14 +78598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAS - product: '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -72659,8 +78612,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72674,12 +78628,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SASSAFRAS + last_updated: '2021-12-10T00:00:00' + - vendor: Seeburger product: '' cves: cve-2021-4104: @@ -72703,12 +78657,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open + notes: This advisory is available to customers only and has not been reviewed + by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Savignano software solutions + - vendor: SentinelOne product: '' cves: cve-2021-4104: @@ -72732,13 +78687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify + - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SBT - product: SBT + - vendor: Sentry + product: '' cves: cve-2021-4104: investigated: false @@ -72746,9 +78701,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.5.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72762,12 +78716,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/sbt/sbt/releases/tag/v1.5.7 + - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ScaleComputing + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SEP product: '' cves: cve-2021-4104: @@ -72791,13 +78745,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ScaleFusion MobileLock Pro + - vendor: Server Eye product: '' cves: cve-2021-4104: @@ -72821,13 +78774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Schneider Electric - product: EASYFIT + - vendor: ServiceNow + product: '' cves: cve-2021-4104: investigated: false @@ -72835,9 +78788,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72851,13 +78803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Ecoreal XL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: '' cves: cve-2021-4104: investigated: false @@ -72865,9 +78817,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72881,13 +78832,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - http://shibboleth.net/pipermail/announce/2021-December/000253.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Expert + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: All Products cves: cve-2021-4104: investigated: false @@ -72897,9 +78848,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Cloud - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Identity Provider>=3.0 + - All other software versions cve-2021-45046: investigated: false affected_versions: [] @@ -72910,13 +78862,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://shibboleth.net/pipermail/announce/2021-December/000253.html notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Gateway + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Shopify + product: '' cves: cve-2021-4104: investigated: false @@ -72924,10 +78877,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -72940,13 +78892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Eurotherm Data Reviewer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siebel + product: '' cves: cve-2021-4104: investigated: false @@ -72954,9 +78906,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - V3.0.2 and prior + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -72970,13 +78921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Facility Expert Small Business + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -72984,10 +78935,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -73000,13 +78950,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: MSE + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products cves: cve-2021-4104: investigated: false @@ -73014,9 +78965,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73030,13 +78980,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NetBotz750/755 + last_updated: '2021-12-19T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -73044,9 +78995,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Software versions 5.0 through 5.3.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73060,13 +79010,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NEW630 + last_updated: '2021-12-21T00:00:00' + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -73074,9 +79025,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73090,13 +79040,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK BOM + - vendor: Siemens Energy + product: Affected Products cves: cve-2021-4104: investigated: false @@ -73104,9 +79055,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73120,13 +79070,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-Docgen + last_updated: '2021-12-16T00:00:00' + - vendor: Siemens Healthineers + product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 cves: cve-2021-4104: investigated: false @@ -73134,9 +79085,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73150,13 +79100,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your Atellica Data Manager has a “Java communication + engine” service, and you require an immediate mitigation, then please contact + your Siemens Customer Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-TNC + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: CENTRALINK v16.0.2 / v16.0.3 cves: cve-2021-4104: investigated: false @@ -73164,9 +79116,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73180,13 +79131,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your CentraLink has a “Java communication engine” + service, and you require a mitigation, then please contact your Siemens Customer + Care Center or your local Siemens technical support representative. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-UMS + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -73194,9 +79147,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73210,13 +79162,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D2DRenderer + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -73224,9 +79176,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73240,13 +79191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D360Widget + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -73254,9 +79205,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73270,13 +79220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Select and Config DATA + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.All, Som10 VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -73284,9 +79234,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73300,13 +79249,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-API + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Fit, Som10 VA30 cves: cve-2021-4104: investigated: false @@ -73314,9 +79264,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73330,13 +79279,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-CMM + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -73344,9 +79294,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73360,13 +79309,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNCSEMTECH + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Open Pro, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -73374,9 +79324,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73390,13 +79339,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SPIMV3 + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Sim, Som10 VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -73404,9 +79354,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73420,13 +79369,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEditor + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -73434,9 +79384,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73450,13 +79399,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEngine + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 cves: cve-2021-4104: investigated: false @@ -73464,9 +79414,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73480,13 +79429,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Wiser by SE platform + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA + 3T NUMARIS/X VA30A cves: cve-2021-4104: investigated: false @@ -73494,10 +79445,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -73509,13 +79459,16 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: '' + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schweitzer Engineering Laboratories - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Altea NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -73538,13 +79491,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://selinc.com/support/security-notifications/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SCM Manager - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X + VA31A cves: cve-2021-4104: investigated: false @@ -73567,13 +79523,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ScreenBeam - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Amira NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -73596,13 +79554,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SDL worldServer - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Free.Max NUMARIS/X VA40 cves: cve-2021-4104: investigated: false @@ -73625,13 +79585,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Seagull Scientific - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Lumina NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -73654,13 +79616,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SecurePoint - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sempra NUMARIS/X VA12M cves: cve-2021-4104: investigated: false @@ -73683,13 +79647,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Security Onion - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -73712,13 +79678,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Securonix - product: Extended Detection and Response (XDR) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -73726,9 +79694,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73742,13 +79709,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Next Gen SIEM + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida fit NUMARIS/X VA20A cves: cve-2021-4104: investigated: false @@ -73756,9 +79725,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73772,13 +79740,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A cves: cve-2021-4104: investigated: false @@ -73786,9 +79756,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73802,13 +79771,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: SNYPR Application + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -73831,13 +79802,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -73845,9 +79816,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -73861,13 +79831,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Seeburger - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -73890,14 +79860,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SentinelOne - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -73920,13 +79889,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sentry - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -73949,13 +79918,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SEP - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -73978,13 +79948,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Server Eye - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -74007,13 +79978,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ServiceNow - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -74036,13 +80010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Shibboleth - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via WebViewer VA13B / VA20A / VA20B cves: cve-2021-4104: investigated: false @@ -74065,13 +80039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://shibboleth.net/pipermail/announce/2021-December/000253.html - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Shibboleth - product: All Products + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Ceed Somaris 10 VA40* cves: cve-2021-4104: investigated: false @@ -74079,12 +80053,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Identity Provider>=3.0 - - All other software versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74096,13 +80068,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://shibboleth.net/pipermail/announce/2021-December/000253.html - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Shopify - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Cite Somaris 10 VA30*/VA40* cves: cve-2021-4104: investigated: false @@ -74125,12 +80098,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 - notes: '' + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Siebel + last_updated: '2021-12-22T00:00:00' + - vendor: Sierra Wireless product: '' cves: cve-2021-4104: @@ -74154,43 +80128,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products + - vendor: Sierra Wireless + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -74213,14 +80157,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Sierra Wireless + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -74243,14 +80187,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-05T00:00:00' + - vendor: Signald + product: '' cves: cve-2021-4104: investigated: false @@ -74273,14 +80216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://gitlab.com/signald/signald/-/issues/259 + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Silver Peak + product: Orchestrator, Silver Peak GMS cves: cve-2021-4104: investigated: false @@ -74303,14 +80245,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf + notes: Customer managed Orchestrator and legacy GMS products are affected by this + vulnerability. This includes on-premise and customer managed instances running + in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective + Action Required for details about how to mitigate this exploit. references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Siemens Healthineers - product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 + last_updated: '2021-12-14T00:00:00' + - vendor: SingleWire + product: '' cves: cve-2021-4104: investigated: false @@ -74333,15 +80277,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your Atellica Data Manager has a “Java communication - engine” service, and you require an immediate mitigation, then please contact - your Siemens Customer Care Center or your local Siemens technical support representative. + - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: CENTRALINK v16.0.2 / v16.0.3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SISCO + product: '' cves: cve-2021-4104: investigated: false @@ -74364,15 +80307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your CentraLink has a “Java communication engine” - service, and you require a mitigation, then please contact your Siemens Customer - Care Center or your local Siemens technical support representative. + - https://sisconet.com/sisco-news/log4j/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + last_updated: '2022-01-05T00:00:00' + - vendor: Sitecore + product: '' cves: cve-2021-4104: investigated: false @@ -74395,13 +80336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Skillable + product: '' cves: cve-2021-4104: investigated: false @@ -74424,13 +80365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://skillable.com/log4shell/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SLF4J + product: '' cves: cve-2021-4104: investigated: false @@ -74453,13 +80394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - http://slf4j.org/log4shell.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.All, Som10 VA20 / VA30 / VA40 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Slurm + product: Slurm cves: cve-2021-4104: investigated: false @@ -74467,10 +80408,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 20.11.8 cve-2021-45046: investigated: false affected_versions: [] @@ -74482,14 +80424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://slurm.schedmd.com/documentation.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Fit, Som10 VA30 + last_updated: '2021-12-21T00:00:00' + - vendor: SMA Solar Technology AG + product: '' cves: cve-2021-4104: investigated: false @@ -74512,14 +80453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 + last_updated: '2022-01-05T00:00:00' + - vendor: SmartBear + product: '' cves: cve-2021-4104: investigated: false @@ -74542,14 +80482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://smartbear.com/security/cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Open Pro, Som10 VA30 / VA40 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SmileCDR + product: '' cves: cve-2021-4104: investigated: false @@ -74572,14 +80511,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Sim, Som10 VA30 / VA40 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -74602,14 +80540,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -74617,10 +80554,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -74632,14 +80570,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://snakemake.readthedocs.io/en/stable/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 + last_updated: '2021-12-21T00:00:00' + - vendor: Snow Software + product: Snow Commander cves: cve-2021-4104: investigated: false @@ -74647,9 +80584,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 8.1 to 8.10.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -74662,15 +80600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA - 3T NUMARIS/X VA30A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snow Software + product: VM Access Proxy cves: cve-2021-4104: investigated: false @@ -74678,9 +80614,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v3.1 to v3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -74693,15 +80630,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Altea NUMARIS/X VA20A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snowflake + product: '' cves: cve-2021-4104: investigated: false @@ -74724,16 +80659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X - VA31A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snyk + product: Cloud Platform cves: cve-2021-4104: investigated: false @@ -74756,15 +80688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Amira NUMARIS/X VA12M + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Software AG + product: '' cves: cve-2021-4104: investigated: false @@ -74787,15 +80717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Free.Max NUMARIS/X VA40 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SolarWinds + product: Database Performance Analyzer (DPA) cves: cve-2021-4104: investigated: false @@ -74803,8 +80731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2021.1.x + - 2021.3.x + - 2022.1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -74818,15 +80749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Lumina NUMARIS/X VA20A + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Orion Platform cves: cve-2021-4104: investigated: false @@ -74849,15 +80778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sempra NUMARIS/X VA12M + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Server & Application Monitor (SAM) cves: cve-2021-4104: investigated: false @@ -74865,8 +80792,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - SAM 2020.2.6 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -74880,15 +80808,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article for the latest + details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola fit NUMARIS/X VA20A + last_updated: '2021-12-23T00:00:00' + - vendor: SonarSource + product: '' cves: cve-2021-4104: investigated: false @@ -74911,15 +80838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola NUMARIS/X VA20A + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sonatype + product: All Products cves: cve-2021-4104: investigated: false @@ -74927,10 +80852,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Versions cve-2021-45046: investigated: false affected_versions: [] @@ -74942,15 +80868,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status + notes: Sonatype uses logback as the default logging solution as opposed to log4j. + This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository + OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the + reported log4j vulnerabilities. We still advise keeping your software upgraded + at the latest version. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida fit NUMARIS/X VA20A + last_updated: '2021-12-29T00:00:00' + - vendor: SonicWall + product: Access Points cves: cve-2021-4104: investigated: false @@ -74973,15 +80901,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Access Points references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analytics cves: cve-2021-4104: investigated: false @@ -75004,15 +80930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analyzer cves: cve-2021-4104: investigated: false @@ -75035,13 +80959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -75064,13 +80988,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Client. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Security Appliance cves: cve-2021-4104: investigated: false @@ -75093,13 +81017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Security appliance. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: CAS cves: cve-2021-4104: investigated: false @@ -75122,13 +81046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Email Security cves: cve-2021-4104: investigated: false @@ -75151,14 +81075,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: ES 10.0.11 and earlier versions are impacted references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + last_updated: '2021-12-17T00:00:00' + - vendor: SonicWall + product: Gen5 Firewalls (EOS) cves: cve-2021-4104: investigated: false @@ -75181,14 +81104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen6 Firewalls cves: cve-2021-4104: investigated: false @@ -75211,16 +81133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen7 Firewalls cves: cve-2021-4104: investigated: false @@ -75243,13 +81162,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via WebViewer VA13B / VA20A / VA20B + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: GMS cves: cve-2021-4104: investigated: false @@ -75272,13 +81191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Ceed Somaris 10 VA40* + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: MSW cves: cve-2021-4104: investigated: false @@ -75301,14 +81220,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Mysonicwall service doesn't use Log4j references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Cite Somaris 10 VA30*/VA40* + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: NSM cves: cve-2021-4104: investigated: false @@ -75331,14 +81249,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: NSM On-Prem and SaaS doesn't use a vulnerable version references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Sierra Wireless - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 100 cves: cve-2021-4104: investigated: false @@ -75361,13 +81278,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SMA100 appliance. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 1000 cves: cve-2021-4104: investigated: false @@ -75390,14 +81307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sierra Wireless - product: AM/AMM servers + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicCore cves: cve-2021-4104: investigated: false @@ -75420,13 +81336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: SonicCore doesn't use a Log4j2 references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Signald - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicWall Switch cves: cve-2021-4104: investigated: false @@ -75449,13 +81365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/signald/signald/-/issues/259 - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Switch. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Silver Peak - product: Orchestrator, Silver Peak GMS + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WAF cves: cve-2021-4104: investigated: false @@ -75478,16 +81394,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf - notes: Customer managed Orchestrator and legacy GMS products are affected by this - vulnerability. This includes on-premise and customer managed instances running - in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective - Action Required for details about how to mitigate this exploit. + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: SingleWire - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WNM cves: cve-2021-4104: investigated: false @@ -75510,14 +81423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the WNM. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SISCO - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WXA cves: cve-2021-4104: investigated: false @@ -75540,13 +81452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sisconet.com/sisco-news/log4j/ - notes: '' + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: WXA doesn't use a vulnerable version references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sitecore - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Cloud Optix cves: cve-2021-4104: investigated: false @@ -75569,13 +81481,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Users may have noticed a brief outage around 12:30 GMT as updates were + deployed. There was no evidence that the vulnerability was exploited and to + our knowledge no customers are impacted. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Skillable - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Reflexion cves: cve-2021-4104: investigated: false @@ -75598,13 +81512,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://skillable.com/log4shell/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Reflexion does not run an exploitable configuration. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SLF4J - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM (all versions) cves: cve-2021-4104: investigated: false @@ -75627,13 +81541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://slf4j.org/log4shell.html - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos SG UTM does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Slurm - product: Slurm + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM Manager (SUM) (all versions) cves: cve-2021-4104: investigated: false @@ -75645,7 +81559,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 20.11.8 + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -75657,13 +81571,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://slurm.schedmd.com/documentation.html - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: SUM does not use Log4j. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SMA Solar Technology AG - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Central cves: cve-2021-4104: investigated: false @@ -75686,13 +81600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Central does not run an exploitable configuration. references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: SmartBear - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Firewall (all versions) cves: cve-2021-4104: investigated: false @@ -75715,13 +81629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://smartbear.com/security/cve-2021-44228/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Firewall does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SmileCDR - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Home cves: cve-2021-4104: investigated: false @@ -75744,13 +81658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Home does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sn0m - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile cves: cve-2021-4104: investigated: false @@ -75773,13 +81687,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable + configuration. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snakemake - product: Snakemake + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile EAS Proxy cves: cve-2021-4104: investigated: false @@ -75788,10 +81703,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - < 9.7.2 fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -75803,13 +81718,17 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers + will need to download and install version 9.7.2, available from Monday December + 13, 2021, on the same machine where it is currently running. PowerShell mode + is not affected. Customers can download the Standalone EAS Proxy Installer version + 9.7.2 from the Sophos website. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Snow Software - product: Snow Commander + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos ZTNA cves: cve-2021-4104: investigated: false @@ -75817,10 +81736,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 8.1 to 8.10.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75833,13 +81751,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS - notes: '' + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos ZTNA does not use Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snow Software - product: VM Access Proxy + last_updated: '2021-12-12T00:00:00' + - vendor: SOS Berlin + product: '' cves: cve-2021-4104: investigated: false @@ -75847,10 +81765,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v3.1 to v3.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -75863,13 +81780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snowflake - product: '' + - vendor: Spacelabs Healthcare + product: ABP cves: cve-2021-4104: investigated: false @@ -75877,10 +81794,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - OnTrak + - 90217A + - and 90207 cve-2021-45046: investigated: false affected_versions: [] @@ -75892,13 +81812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Snyk - product: Cloud Platform + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -75906,10 +81826,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -75921,13 +81844,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Software AG - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -75950,45 +81873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SolarWinds - product: Database Performance Analyzer (DPA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 2021.1.x - - 2021.3.x - - 2022.1.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' - references: - - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Orion Platform + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -76011,13 +81902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Server & Application Monitor (SAM) + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: EVO cves: cve-2021-4104: investigated: false @@ -76025,9 +81916,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - SAM 2020.2.6 and later + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76041,14 +81931,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article for the latest - details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SonarSource - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -76071,13 +81960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sonatype - product: All Products + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -76085,11 +81974,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76101,17 +81989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status - notes: Sonatype uses logback as the default logging solution as opposed to log4j. - This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository - OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the - reported log4j vulnerabilities. We still advise keeping your software upgraded - at the latest version. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-29T00:00:00' - - vendor: SonicWall - product: Access Points + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -76134,13 +82018,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analytics + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -76163,13 +82047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analyzer + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube cves: cve-2021-4104: investigated: false @@ -76177,10 +82061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: investigated: false affected_versions: [] @@ -76192,13 +82077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Client & Capture Client Portal + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -76206,10 +82091,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -76221,13 +82107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Security Appliance + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -76235,9 +82121,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -76250,13 +82137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Security appliance. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: Version >4.3.1 - Not Affected references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: CAS + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Sentinel cves: cve-2021-4104: investigated: false @@ -76279,13 +82166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Email Security + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -76308,13 +82195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: ES 10.0.11 and earlier versions are impacted + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SonicWall - product: Gen5 Firewalls (EOS) + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -76322,10 +82209,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -76337,13 +82228,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen6 Firewalls + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -76351,10 +82242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -76366,13 +82258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen7 Firewalls + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -76380,10 +82272,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -76395,13 +82289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: GMS + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -76409,10 +82303,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -76424,13 +82319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: MSW + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -76438,10 +82333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -76453,13 +82349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Mysonicwall service doesn't use Log4j + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: NSM + last_updated: '2022-01-05T00:00:00' + - vendor: Spambrella + product: '' cves: cve-2021-4104: investigated: false @@ -76482,13 +82378,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: NSM On-Prem and SaaS doesn't use a vulnerable version + - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 100 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spigot + product: '' cves: cve-2021-4104: investigated: false @@ -76511,13 +82407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SMA100 appliance. + - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 1000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Splunk + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -76525,8 +82421,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76540,13 +82439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicCore + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -76554,8 +82453,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76569,13 +82471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: SonicCore doesn't use a Log4j2 + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicWall Switch + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -76583,8 +82485,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76598,13 +82507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Switch. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WAF + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -76612,8 +82521,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.2.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76627,13 +82537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WNM + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -76641,8 +82551,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76656,13 +82567,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the WNM. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WXA + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -76670,8 +82581,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76685,13 +82597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: WXA doesn't use a vulnerable version + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Cloud Optix + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Connect for Kafka cves: cve-2021-4104: investigated: false @@ -76699,8 +82611,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions prior to 2.0.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76714,15 +82627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Users may have noticed a brief outage around 12:30 GMT as updates were - deployed. There was no evidence that the vulnerability was exploited and to - our knowledge no customers are impacted. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Reflexion + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise (including instance types like Heavy Forwarders) cves: cve-2021-4104: investigated: false @@ -76730,8 +82641,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. + See Removing Log4j from Splunk Enterprise below for guidance on unsupported + versions. fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76745,13 +82659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Reflexion does not run an exploitable configuration. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM (all versions) + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Amazon Machine Image (AMI) cves: cve-2021-4104: investigated: false @@ -76759,8 +82673,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - See Splunk Enterprise fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76774,13 +82689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos SG UTM does not use Log4j. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM Manager (SUM) (all versions) + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Enterprise Docker Container cves: cve-2021-4104: investigated: false @@ -76789,10 +82704,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - See Splunk Enterprise fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76804,13 +82719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: SUM does not use Log4j. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Central + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -76818,8 +82733,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76833,13 +82749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Central does not run an exploitable configuration. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Firewall (all versions) + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -76847,8 +82763,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76862,13 +82779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Firewall does not use Log4j. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Home + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -76876,8 +82793,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76891,13 +82809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Home does not use Log4j. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -76905,8 +82823,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76920,14 +82839,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable - configuration. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile EAS Proxy + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -76937,7 +82855,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 9.7.2 + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76951,17 +82869,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers - will need to download and install version 9.7.2, available from Monday December - 13, 2021, on the same machine where it is currently running. PowerShell mode - is not affected. Customers can download the Standalone EAS Proxy Installer version - 9.7.2 from the Sophos website. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos ZTNA + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -76969,8 +82883,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76984,13 +82899,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos ZTNA does not use Log4j. + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SOS Berlin - product: '' + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -76998,8 +82913,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77013,13 +82929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spacelabs Healthcare - product: ABP + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -77028,12 +82944,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.0.0 and older fixed_versions: [] - unaffected_versions: - - OnTrak - - 90217A - - and 90207 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77045,13 +82959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: CardioExpress + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -77060,12 +82974,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Current fixed_versions: [] - unaffected_versions: - - SL6A - - SL12A - - and SL18A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77077,13 +82989,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -77091,8 +83003,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77106,13 +83020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Eclipse Pro + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Splunk + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -77120,8 +83034,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.1.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77135,13 +83050,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: EVO + last_updated: '2021-12-30T08:20:00-08:00' + - vendor: Sprecher Automation + product: '' cves: cve-2021-4104: investigated: false @@ -77164,13 +83079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.sprecher-automation.com/en/it-security/security-alerts notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false @@ -77193,13 +83108,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spring Boot + product: '' cves: cve-2021-4104: investigated: false @@ -77222,13 +83138,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Lifescreen Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StarDog + product: '' cves: cve-2021-4104: investigated: false @@ -77251,13 +83167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://community.stardog.com/t/stardog-7-8-1-available/3411 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Pathfinder SL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: STERIS + product: Advantage cves: cve-2021-4104: investigated: false @@ -77280,13 +83196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Advantage Plus cves: cve-2021-4104: investigated: false @@ -77294,11 +83210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77310,13 +83225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube Mini + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -77324,11 +83239,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77340,13 +83254,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: SafeNSound + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -77354,10 +83268,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 4.3.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -77370,13 +83283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Sentinel + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -77399,13 +83312,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -77428,13 +83341,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Ultraview SL + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -77442,14 +83355,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77461,13 +83370,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -77475,11 +83384,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77491,13 +83399,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -77505,12 +83413,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77522,13 +83428,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: XprezzNet + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -77536,11 +83442,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96190' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77552,13 +83457,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Xprezzon + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -77566,11 +83471,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -77582,13 +83486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spambrella - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -77611,13 +83515,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spigot - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -77640,13 +83544,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/ + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Splunk - product: Data Stream Processor + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -77654,11 +83558,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77672,13 +83573,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -77686,11 +83587,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77704,13 +83602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -77718,15 +83616,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77740,13 +83631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -77754,9 +83645,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.2.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77770,13 +83660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -77784,9 +83674,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77800,13 +83689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Application Performance Monitoring + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -77814,9 +83703,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77830,13 +83718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Connect for Kafka + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Connect Software cves: cve-2021-4104: investigated: false @@ -77844,9 +83732,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions prior to 2.0.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77860,13 +83747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise (including instance types like Heavy Forwarders) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -77874,11 +83761,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. - See Removing Log4j from Splunk Enterprise below for guidance on unsupported - versions. + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77892,13 +83776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Amazon Machine Image (AMI) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -77906,9 +83790,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77922,13 +83805,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Enterprise Docker Container + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -77936,9 +83819,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - See Splunk Enterprise + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77952,13 +83834,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Infrastructure Monitoring + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -77966,9 +83848,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -77982,13 +83863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Log Observer + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -77996,9 +83877,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78012,13 +83892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Logging Library for Java + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -78026,9 +83906,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.11.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78042,13 +83921,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk On-call / VictorOps + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Endora cves: cve-2021-4104: investigated: false @@ -78056,9 +83935,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78072,13 +83950,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -78086,9 +83964,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.0.3 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78102,13 +83979,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -78116,9 +83993,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.2.1 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78132,13 +84008,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Real User Monitoring + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -78146,9 +84022,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78162,13 +84037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -78176,9 +84051,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 3.0.0 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78192,13 +84066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk Synthetics + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -78206,9 +84080,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78222,13 +84095,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk UBA OVA Software + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RapidAER cves: cve-2021-4104: investigated: false @@ -78236,10 +84109,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 5.0.3a - - 5.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78253,13 +84124,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -78267,9 +84138,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.1.1 and older + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -78283,13 +84153,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2021-12-30T08:20:00-08:00' - - vendor: Sprecher Automation - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -78312,13 +84182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sprecher-automation.com/en/it-security/security-alerts + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spring - product: Spring Boot + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -78341,14 +84211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Spring Boot - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -78371,13 +84240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StarDog - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: STERIS + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -78400,13 +84269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.stardog.com/t/stardog-7-8-1-available/3411 + - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Advantage + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -78435,7 +84304,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Advantage Plus + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -78464,7 +84333,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + product: Renatron cves: cve-2021-4104: investigated: false @@ -78493,7 +84362,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -78522,7 +84391,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -78551,7 +84420,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -78580,7 +84449,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -78609,7 +84478,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -78638,7 +84507,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -78667,7 +84536,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -78696,7 +84565,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -78725,7 +84594,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -78754,7 +84623,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -78783,7 +84652,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false @@ -78811,8 +84680,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Canexis 1.0 + - vendor: Sterling Order IBM + product: '' cves: cve-2021-4104: investigated: false @@ -78835,13 +84704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.ibm.com/support/pages/node/6525544 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY HP INCUBATOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Storagement + product: '' cves: cve-2021-4104: investigated: false @@ -78864,13 +84733,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CELERITY STEAM INCUBATOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StormShield + product: '' cves: cve-2021-4104: investigated: false @@ -78893,13 +84762,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CER Optima + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: StrangeBee TheHive & Cortex + product: '' cves: cve-2021-4104: investigated: false @@ -78922,13 +84791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Clarity Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stratodesk + product: '' cves: cve-2021-4104: investigated: false @@ -78951,13 +84820,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Connect Software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Strimzi + product: '' cves: cve-2021-4104: investigated: false @@ -78980,13 +84849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectAssure Technology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Stripe + product: '' cves: cve-2021-4104: investigated: false @@ -79009,13 +84878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ConnectoHIS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Styra + product: '' cves: cve-2021-4104: investigated: false @@ -79038,13 +84907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sumologic + product: '' cves: cve-2021-4104: investigated: false @@ -79067,13 +84936,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD Edge + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SumoLogic + product: '' cves: cve-2021-4104: investigated: false @@ -79096,13 +84965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: DSD-201, + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Superna EYEGLASS + product: '' cves: cve-2021-4104: investigated: false @@ -79125,13 +84994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: EndoDry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Suprema Inc + product: '' cves: cve-2021-4104: investigated: false @@ -79154,13 +85023,158 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.supremainc.com/en/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Endora + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SUSE + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sweepwidget + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Swyx + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://service.swyx.net/hc/de/articles/4412323539474 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synchro MSP + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Syncplify + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synology + product: '' cves: cve-2021-4104: investigated: false @@ -79183,13 +85197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Integration Systems + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Synopsys + product: '' cves: cve-2021-4104: investigated: false @@ -79212,13 +85226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Syntevo + product: '' cves: cve-2021-4104: investigated: false @@ -79241,13 +85255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.syntevo.com/blog/?p=5240 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SysAid + product: '' cves: cve-2021-4104: investigated: false @@ -79270,13 +85284,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.sysaid.com/lp/important-update-regarding-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: HexaVue Integration System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sysdig + product: '' cves: cve-2021-4104: investigated: false @@ -79299,13 +85313,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: IDSS Integration System + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tableau + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -79313,8 +85327,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79328,13 +85355,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RapidAER + - vendor: Tableau + product: Tableau Desktop cves: cve-2021-4104: investigated: false @@ -79342,8 +85369,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79357,13 +85397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ReadyTracker + - vendor: Tableau + product: Tableau Prep Builder cves: cve-2021-4104: investigated: false @@ -79371,8 +85411,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 22021.4.1' + - 2021.3.2 + - 2021.2.2 + - 2021.1.4 + - 2020.4.1 + - 2020.3.3 + - 2020.2.3 + - 2020.1.5 + - 2019.4.2 + - 2019.3.2 + - 2019.2.3 + - 2019.1.4 + - 2018.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79386,13 +85439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RealView Visual Workflow Management System + - vendor: Tableau + product: Tableau Public Desktop Client cves: cve-2021-4104: investigated: false @@ -79400,8 +85453,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79415,13 +85469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + - vendor: Tableau + product: Tableau Reader cves: cve-2021-4104: investigated: false @@ -79429,8 +85483,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79444,13 +85499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + - vendor: Tableau + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -79458,8 +85513,21 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -79473,13 +85541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + - vendor: Talend + product: '' cves: cve-2021-4104: investigated: false @@ -79502,13 +85570,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://jira.talendforge.org/browse/TCOMP-2054 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tanium + product: All cves: cve-2021-4104: investigated: false @@ -79516,10 +85584,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -79531,13 +85600,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c + notes: Tanium does not use Log4j. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + last_updated: '2021-12-21T00:00:00' + - vendor: TealiumIQ + product: '' cves: cve-2021-4104: investigated: false @@ -79560,13 +85629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Renatron + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TeamPasswordManager + product: '' cves: cve-2021-4104: investigated: false @@ -79589,13 +85658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://teampasswordmanager.com/blog/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: ScopeBuddy+ + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Teamviewer + product: '' cves: cve-2021-4104: investigated: false @@ -79618,13 +85687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tech Software + product: OneAegis (f/k/a IRBManager) cves: cve-2021-4104: investigated: false @@ -79632,10 +85701,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -79647,13 +85717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: OneAegis does not use Log4j. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: SMART cves: cve-2021-4104: investigated: false @@ -79661,10 +85731,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: SMART does not use Log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Tech Software + product: Study Binders + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -79676,13 +85777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf - notes: '' + - https://support.techsoftware.com/hc/en-us/articles/4412825948179 + notes: Study Binders does not use Log4j. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SPM Surgical Asset Tracking Software + last_updated: '2021-12-15T00:00:00' + - vendor: TechSmith + product: '' cves: cve-2021-4104: investigated: false @@ -79705,13 +85806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Telestream + product: '' cves: cve-2021-4104: investigated: false @@ -79734,13 +85835,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tenable + product: Tenable.io / Nessus cves: cve-2021-4104: investigated: false @@ -79763,13 +85864,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://www.tenable.com/log4j + notes: None of Tenable’s products are running the version of Log4j vulnerable + to CVE-2021-44228 or CVE-2021-45046 at this time + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Thales + product: CADP/SafeNet Protect App (PA) - JCE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -79792,13 +85923,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -79821,13 +85952,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -79850,13 +85981,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -79879,13 +86010,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -79908,13 +86039,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Sterling Order IBM - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -79937,13 +86068,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ibm.com/support/pages/node/6525544 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Storagement - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -79966,13 +86097,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.storagement.de/index.php?action=topicofthemonth&site=log4j + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StormShield - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -79995,13 +86126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.stormshield.com/news/log4shell-security-alert-stormshield-product-response/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: StrangeBee TheHive & Cortex - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -80024,13 +86155,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.strangebee.com/apache-log4j-cve-2021-44228/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Stratodesk - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -80053,13 +86184,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://cdn.stratodesk.com/repository/notouch-center/10/4.5.231/0/ReleaseNotes-Stratodesk-NoTouch_Center-4.5.231.html + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Strimzi - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -80082,13 +86213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://strimzi.io/blog/2021/12/14/strimzi-and-log4shell/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Stripe - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -80111,13 +86242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.stripe.com/questions/update-for-apache-log4j-vulnerability-(cve-2021-44228) + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Styra - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -80140,13 +86271,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.styra.com/blog/newest-log4j-security-vulnerability-cve-2021-44228-log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sumologic - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: KeySecure cves: cve-2021-4104: investigated: false @@ -80169,13 +86300,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSdeODZ2E5k0aZgHm06OJWhDQWgtxxB0ZIrTsuQjg5xaoxlogmTVGdOWoSFtDlZBdHzY6ET6k6Sk-g1/pub + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SumoLogic - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -80198,13 +86329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sumologic.com/Release-Notes/Collector-Release-Notes#december-11-2021-19-361-12 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Superna EYEGLASS - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -80227,13 +86358,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://manuals.supernaeyeglass.com/project-technical-advisories-all-products/HTML/technical-advisories.html#h2__1912345025 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Suprema Inc - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Luna SP cves: cve-2021-4104: investigated: false @@ -80256,13 +86387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.supremainc.com/en/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SUSE - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -80285,13 +86416,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.suse.com/c/suse-statement-on-log4j-log4shell-cve-2021-44228-vulnerability/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sweepwidget - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -80314,13 +86445,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sweepwidget.com/view/23032-v9f40ns1/4zow83-23032 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Swyx - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -80343,13 +86474,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://service.swyx.net/hc/de/articles/4412323539474 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synchro MSP - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -80372,13 +86503,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.syncromsp.com/t/log4j-rce-cve-2021-4428/1350 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Syncplify - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -80401,13 +86532,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.syncplify.com/no-we-are-not-affected-by-log4j-vulnerability/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synology - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -80430,13 +86561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.synology.com/en-global/security/advisory/Synology_SA_21_30 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Synopsys - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -80459,13 +86590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Syntevo - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -80488,13 +86619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.syntevo.com/blog/?p=5240 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: SysAid - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -80517,13 +86648,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sysaid.com/lp/important-update-regarding-apache-log4j + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Sysdig - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -80546,13 +86677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sysdig.com/blog/cve-critical-vulnerability-log4j/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tableau - product: Tableau Bridge + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -80560,21 +86691,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80588,13 +86706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Desktop + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -80602,21 +86720,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80630,13 +86735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Prep Builder + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -80644,21 +86749,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 22021.4.1' - - 2021.3.2 - - 2021.2.2 - - 2021.1.4 - - 2020.4.1 - - 2020.3.3 - - 2020.2.3 - - 2020.1.5 - - 2019.4.2 - - 2019.3.2 - - 2019.2.3 - - 2019.1.4 - - 2018.3.3 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80672,13 +86764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Public Desktop Client + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -80686,9 +86778,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80702,13 +86793,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Reader + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -80716,9 +86807,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80732,13 +86822,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Tableau - product: Tableau Server + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -80746,21 +86836,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -80774,13 +86851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Talend - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -80803,13 +86880,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jira.talendforge.org/browse/TCOMP-2054 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tanium - product: All + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -80817,11 +86894,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80833,13 +86909,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c - notes: Tanium does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: TealiumIQ - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -80862,13 +86938,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824 + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TeamPasswordManager - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -80891,13 +86967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://teampasswordmanager.com/blog/log4j-vulnerability/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Teamviewer - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -80920,13 +86996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.teamviewer.com/en/trust-center/security-bulletins/hotfix-log4j2-issue/ + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tech Software - product: OneAegis (f/k/a IRBManager) + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -80934,11 +87010,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80950,13 +87025,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: OneAegis does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: SMART + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -80964,11 +87039,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -80980,13 +87054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: SMART does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Tech Software - product: Study Binders + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -80994,11 +87068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -81010,13 +87083,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsoftware.com/hc/en-us/articles/4412825948179 - notes: Study Binders does not use Log4j. + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: TechSmith - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -81039,13 +87112,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.techsmith.com/hc/en-us/articles/4416620527885?input_string=log4j + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Telestream - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -81068,13 +87142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://www.telestream.net/telestream-support/Apache-Log4j2-Bulletin.htm + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tenable - product: Tenable.io / Nessus + last_updated: '2021-12-17T00:00:00' + - vendor: Thales + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -81097,14 +87171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tenable.com/log4j - notes: None of Tenable’s products are running the version of Log4j vulnerable - to CVE-2021-44228 or CVE-2021-45046 at this time + - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -81133,7 +87206,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -81162,7 +87235,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -81191,7 +87264,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -81220,7 +87293,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -81249,7 +87322,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Database Protection + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -81278,7 +87351,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Manager + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -81307,7 +87380,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -81336,7 +87409,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -81365,7 +87438,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -81394,7 +87467,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -81422,8 +87495,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Crypto Command Center (CCC) + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -81446,13 +87519,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Protection on Demand + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -81460,10 +87533,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -81475,13 +87549,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, Install the 2022a patch when available references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Data Security Manager (DSM) + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -81489,10 +87563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -81504,13 +87579,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: KeySecure + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -81518,10 +87593,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -81533,13 +87609,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna EFT + last_updated: '2021-12-22T00:00:00' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -81547,10 +87624,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -81562,13 +87640,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + last_updated: '2021-12-22T00:00:00' + - vendor: Thomson Reuters + product: HighQ Appliance cves: cve-2021-4104: investigated: false @@ -81576,8 +87654,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -81591,13 +87670,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://highqsolutions.zendesk.com + notes: Reported by vendor - Documentation is in vendor's client portal (login + required). This advisory is available to customer only and has not been reviewed + by CISA. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Luna SP + last_updated: '2021-12-20T00:00:00' + - vendor: ThreatLocker + product: '' cves: cve-2021-4104: investigated: false @@ -81620,13 +87701,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://threatlocker.kb.help/log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: payShield Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ThycoticCentrify + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -81634,10 +87715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81649,13 +87731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: ProtectServer HSMs + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -81663,10 +87745,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81678,13 +87761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Authentication Client + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -81692,10 +87775,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81707,13 +87791,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet eToken (all products) + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -81721,10 +87805,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81736,13 +87821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime Virtual + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -81750,10 +87835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81765,13 +87851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet IDPrime(all products) + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -81779,10 +87865,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81794,13 +87881,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet LUKS + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -81808,10 +87895,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81823,13 +87911,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet PKCS#11 and TDE + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Secret Server cves: cve-2021-4104: investigated: false @@ -81837,10 +87925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81852,13 +87941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + last_updated: '2021-12-10T00:00:00' + - vendor: ThycoticCentrify + product: Server Suite cves: cve-2021-4104: investigated: false @@ -81866,10 +87955,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -81881,13 +87971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectDB (PDB) + last_updated: '2021-12-10T00:00:00' + - vendor: Tibco + product: '' cves: cve-2021-4104: investigated: false @@ -81910,13 +88000,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Top Gun Technology (TGT) + product: '' cves: cve-2021-4104: investigated: false @@ -81939,13 +88029,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet ProtectV + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TopDesk + product: '' cves: cve-2021-4104: investigated: false @@ -81968,13 +88058,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet SQL EKM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Topicus Security + product: Topicus KeyHub cves: cve-2021-4104: investigated: false @@ -81982,10 +88072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -81997,13 +88088,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Transform Utility (TU) + last_updated: '2021-12-20T00:00:00' + - vendor: Topix + product: '' cves: cve-2021-4104: investigated: false @@ -82026,13 +88117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.topix.de/de/technik/systemfreigaben.html notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Trusted Access (STA) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tosibox + product: '' cves: cve-2021-4104: investigated: false @@ -82055,13 +88146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SafeNet Vaultless Tokenization + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TPLink + product: Omega Controller cves: cve-2021-4104: investigated: false @@ -82069,8 +88160,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux/Windows(all) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82084,13 +88176,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://www.tp-link.com/us/support/faq/3255 + notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as + potential workaround. Though that should now be done with 2.16' references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: SAS on Prem (SPE/PCE) + - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit + Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' + last_updated: '2021-12-15T00:00:00' + - vendor: TrendMicro + product: All cves: cve-2021-4104: investigated: false @@ -82113,13 +88207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://success.trendmicro.com/solution/000289940 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Connect + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tricentis Tosca + product: '' cves: cve-2021-4104: investigated: false @@ -82142,24 +88236,55 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://support-hub.tricentis.com/open?number=NEW0001148&id=post notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise aaS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tridium + product: '' cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. + references: + - '' + last_updated: '2022-01-19T00:00:00' + - vendor: Trimble + product: eCognition + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 10.2.0 Build 4618 + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -82170,14 +88295,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + last_updated: '2021-12-23T00:00:00' + - vendor: Tripp Lite + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -82200,13 +88325,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Envelope + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Local (PAL) cves: cve-2021-4104: investigated: false @@ -82229,13 +88354,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel ESDaaS + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -82258,13 +88384,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -82287,13 +88414,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + vulnerability. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -82301,8 +88429,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82316,13 +88445,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 - notes: '' + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -82345,14 +88476,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + last_updated: '2022-01-04T00:00:00' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -82375,13 +88505,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel RMS + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -82404,13 +88534,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.tripwire.com/log4j notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel SCL + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TrueNAS + product: '' cves: cve-2021-4104: investigated: false @@ -82433,13 +88563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Tufin + product: '' cves: cve-2021-4104: investigated: false @@ -82462,13 +88592,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Sentinel Up + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: TYPO3 + product: '' cves: cve-2021-4104: investigated: false @@ -82491,13 +88621,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://typo3.org/article/typo3-psa-2021-004 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Application cves: cve-2021-4104: investigated: false @@ -82505,8 +88635,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.5.53 & lower versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82520,13 +88651,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 10k + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ubiquiti + product: UniFi Network Controller cves: cve-2021-4104: investigated: false @@ -82534,8 +88665,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.5.54 & lower versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82549,13 +88681,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e notes: '' references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield 9000 + - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation + for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 + last_updated: '2021-12-15T00:00:00' + - vendor: Ubuntu + product: '' cves: cve-2021-4104: investigated: false @@ -82578,13 +88711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://ubuntu.com/security/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Thales payShield Manager + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -82592,8 +88725,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -82607,13 +88741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetirc Key Manager (VKM) + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco + product: '' cves: cve-2021-4104: investigated: false @@ -82636,13 +88770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Application Encryption (VAE) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: UniFlow + product: '' cves: cve-2021-4104: investigated: false @@ -82665,13 +88799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unify ATOS + product: '' cves: cve-2021-4104: investigated: false @@ -82694,13 +88828,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thales - product: Vormetric Tokenization Server (VTS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false @@ -82723,12 +88857,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297 + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Thermo Fisher Scientific + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: USSIGNAL MSP product: '' cves: cve-2021-4104: @@ -82752,13 +88886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + - https://ussignal.com/blog/apache-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varian + product: Acuity cves: cve-2021-4104: investigated: false @@ -82766,11 +88900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - 2022a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -82782,13 +88916,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Varian + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -82800,7 +88934,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2021b + - All cve-2021-45046: investigated: false affected_versions: [] @@ -82812,13 +88946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Varian + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -82830,7 +88964,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018b to 2021a + - All cve-2021-45046: investigated: false affected_versions: [] @@ -82842,14 +88976,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Varian + product: ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -82861,7 +88994,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018a and earlier + - All cve-2021-45046: investigated: false affected_versions: [] @@ -82873,13 +89006,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thomson Reuters - product: HighQ Appliance + - vendor: Varian + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -82888,10 +89021,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -82903,15 +89036,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://highqsolutions.zendesk.com - notes: Reported by vendor - Documentation is in vendor's client portal (login - required). This advisory is available to customer only and has not been reviewed - by CISA. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: ThreatLocker - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -82919,10 +89050,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -82934,13 +89066,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://threatlocker.kb.help/log4j-vulnerability/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ThycoticCentrify - product: Account Lifecycle Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -82952,7 +89084,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -82964,13 +89096,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Cloud Suite + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Clinac cves: cve-2021-4104: investigated: false @@ -82978,11 +89110,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -82994,13 +89126,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Connection Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -83012,7 +89144,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83024,13 +89156,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: DevOps Secrets Vault + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: DITC cves: cve-2021-4104: investigated: false @@ -83038,11 +89170,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83054,13 +89186,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Password Reset Server + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: DoseLab cves: cve-2021-4104: investigated: false @@ -83072,7 +89204,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83084,13 +89216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privilege Manager + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -83102,7 +89234,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83114,13 +89246,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -83128,11 +89260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83144,13 +89276,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Secret Server + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Ethos cves: cve-2021-4104: investigated: false @@ -83162,7 +89294,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83174,13 +89306,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: ThycoticCentrify - product: Server Suite + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -83188,11 +89320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] + investigated: false + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -83204,13 +89336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Tibco - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -83219,7 +89351,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83233,13 +89366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Top Gun Technology (TGT) - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ICAP cves: cve-2021-4104: investigated: false @@ -83247,10 +89380,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83262,13 +89396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TopDesk - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Identify cves: cve-2021-4104: investigated: false @@ -83276,10 +89410,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83291,13 +89426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Topicus Security - product: Topicus KeyHub + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Information Exchange Manager (IEM) cves: cve-2021-4104: investigated: false @@ -83321,13 +89456,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.topicus-keyhub.com/topicus-keyhub-is-not-vulnerable-to-cve-2021-44228/ + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Topix - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: InSightive Analytics cves: cve-2021-4104: investigated: false @@ -83336,7 +89471,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83350,13 +89486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.topix.de/de/technik/systemfreigaben.html + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tosibox - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Large Integrated Oncology Network (LION) cves: cve-2021-4104: investigated: false @@ -83364,10 +89500,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83379,13 +89516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpdesk.tosibox.com/support/solutions/articles/2100050946-security-advisory-on-vulnerability-in-apache-log4j-library-cve-2021-44228 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TPLink - product: Omega Controller + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -83394,10 +89531,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Linux/Windows(all) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83409,15 +89546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tp-link.com/us/support/faq/3255 - notes: 'Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as - potential workaround. Though that should now be done with 2.16' + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - - '[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit - Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)' - last_updated: '2021-12-15T00:00:00' - - vendor: TrendMicro - product: All + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: PaaS cves: cve-2021-4104: investigated: false @@ -83425,10 +89560,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83440,13 +89576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.trendmicro.com/solution/000289940 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tricentis Tosca - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: ProBeam cves: cve-2021-4104: investigated: false @@ -83454,10 +89590,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83469,43 +89606,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support-hub.tricentis.com/open?number=NEW0001148&id=post + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tridium - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Qumulate cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: '' + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf - notes: Document access requires authentication. CISA is not able to validate vulnerability - status. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Trimble - product: eCognition + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Real-time Position Management (RPM) cves: cve-2021-4104: investigated: false @@ -83514,10 +89651,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.2.0 Build 4618 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83528,14 +89665,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Respiratory Gating for Scanners (RGSC) cves: cve-2021-4104: investigated: false @@ -83543,10 +89680,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83558,13 +89696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Local (PAL) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution cves: cve-2021-4104: investigated: false @@ -83572,8 +89710,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83587,14 +89726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Article: 000038850 on MyVarian' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: SmartConnect solution Policy Server cves: cve-2021-4104: investigated: false @@ -83602,8 +89740,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83617,14 +89756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -83632,10 +89770,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83647,14 +89786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 - vulnerability. + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: UNIQUE system cves: cve-2021-4104: investigated: false @@ -83662,9 +89800,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: - - 1.0.0 + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83678,15 +89816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -83694,10 +89830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83709,13 +89846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripp Lite - product: TLNETCARD and associated software + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -83724,7 +89861,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83738,13 +89876,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -83752,10 +89890,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -83767,13 +89907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TrueNAS - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: VariSeed cves: cve-2021-4104: investigated: false @@ -83781,10 +89921,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83796,13 +89937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Tufin - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Velocity cves: cve-2021-4104: investigated: false @@ -83810,10 +89951,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83825,13 +89967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.tufin.com/articles/SecurityAdvisories/Apache-Log4Shell-Vulnerability-12-12-2021 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: TYPO3 - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -83839,10 +89981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83854,13 +89997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://typo3.org/article/typo3-psa-2021-004 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ubiquiti - product: UniFi Network Application + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Vitesse cves: cve-2021-4104: investigated: false @@ -83869,10 +90012,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.5.53 & lower versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -83884,13 +90027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ubiquiti - product: UniFi Network Controller + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -83898,9 +90041,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: - - 6.5.54 & lower versions + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83914,14 +90057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation - for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 - last_updated: '2021-12-15T00:00:00' - - vendor: Ubuntu - product: '' + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -83930,7 +90072,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83944,13 +90087,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ubuntu.com/security/CVE-2021-44228 + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: UiPath - product: InSights + last_updated: '2021-12-22T00:00:00' + - vendor: VArmour + product: '' cves: cve-2021-4104: investigated: false @@ -83958,9 +90101,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '20.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -83974,12 +90116,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Umbraco + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Varnish Software product: '' cves: cve-2021-4104: @@ -84003,12 +90145,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: UniFlow + - vendor: Varonis product: '' cves: cve-2021-4104: @@ -84032,12 +90174,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Unify ATOS + - vendor: Veeam product: '' cves: cve-2021-4104: @@ -84061,12 +90203,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://www.veeam.com/kb4254 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Unimus + - vendor: Venafi product: '' cves: cve-2021-4104: @@ -84090,12 +90232,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: USSIGNAL MSP + - vendor: Veritas NetBackup product: '' cves: cve-2021-4104: @@ -84119,13 +90261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ussignal.com/blog/apache-log4j-vulnerability + - https://www.veritas.com/content/support/en_US/article.100052070 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varian - product: Acuity + - vendor: Vertica + product: '' cves: cve-2021-4104: investigated: false @@ -84134,8 +90276,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - All + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84149,16 +90290,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Connect (Cloverleaf) + last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -84169,23 +90310,23 @@ software: unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA eDOC + last_updated: '2022-01-19T00:00:00' + - vendor: Viso Trust + product: '' cves: cve-2021-4104: investigated: false @@ -84193,11 +90334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84209,13 +90349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Medical Oncology + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: VMware + product: API Portal for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -84224,10 +90364,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84239,13 +90379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: App Metrics cves: cve-2021-4104: investigated: false @@ -84254,10 +90394,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84269,13 +90409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Healthwatch for Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -84284,10 +90424,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84299,13 +90440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Single Sign-On for VMware Tanzu Application Service cves: cve-2021-4104: investigated: false @@ -84314,10 +90455,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84329,13 +90470,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Clinac + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for Kubernetes cves: cve-2021-4104: investigated: false @@ -84343,9 +90484,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84359,13 +90500,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Cloud Planner + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Gateway for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -84374,10 +90515,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84389,13 +90530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DITC + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: Spring Cloud Services for VMware Tanzu cves: cve-2021-4104: investigated: false @@ -84403,9 +90544,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84419,13 +90560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: DoseLab + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA cves: cve-2021-4104: investigated: false @@ -84434,10 +90575,12 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.x + - 6.7.x + - 6.5.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84449,13 +90592,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Eclipse treatment planning software + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: vCenter Server - Windows cves: cve-2021-4104: investigated: false @@ -84464,10 +90608,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 6.7.x + - 6.5.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84479,13 +90624,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ePeerReview + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: VMware Carbon Black Cloud Workload Appliance cves: cve-2021-4104: investigated: false @@ -84493,9 +90639,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84509,13 +90655,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Ethos + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Carbon Black EDR Server cves: cve-2021-4104: investigated: false @@ -84524,10 +90670,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.x + - 6.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84539,13 +90686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: FullScale oncology IT solutions + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Cloud Foundation cves: cve-2021-4104: investigated: false @@ -84553,9 +90700,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84569,13 +90717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Halcyon system + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware HCX cves: cve-2021-4104: investigated: false @@ -84583,9 +90731,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 4.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84599,13 +90748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ICAP + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon cves: cve-2021-4104: investigated: false @@ -84614,10 +90763,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x + - 7.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84629,13 +90779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Identify + - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: VMware Horizon Cloud Connector cves: cve-2021-4104: investigated: false @@ -84644,10 +90794,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x + - 2.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84659,13 +90810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Information Exchange Manager (IEM) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Horizon DaaS cves: cve-2021-4104: investigated: false @@ -84674,10 +90825,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 9.1.x + - 9.0.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84689,13 +90841,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: InSightive Analytics + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Identity Manager cves: cve-2021-4104: investigated: false @@ -84703,9 +90855,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84719,13 +90871,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Large Integrated Oncology Network (LION) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware NSX-T Data Centern cves: cve-2021-4104: investigated: false @@ -84734,10 +90886,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.x + - 2.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84749,13 +90902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Mobius3D platform + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Site Recovery Manager cves: cve-2021-4104: investigated: false @@ -84764,10 +90917,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84779,13 +90932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: PaaS + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Application Service for VMs cves: cve-2021-4104: investigated: false @@ -84794,10 +90947,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84809,13 +90962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: ProBeam + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu GemFire cves: cve-2021-4104: investigated: false @@ -84824,10 +90977,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 9.x + - 8.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84839,13 +90993,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Qumulate + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Greenplum cves: cve-2021-4104: investigated: false @@ -84854,10 +91008,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 6.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84869,13 +91023,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Real-time Position Management (RPM) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Kubernetes Grid Integrated Edition cves: cve-2021-4104: investigated: false @@ -84884,10 +91038,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84899,13 +91053,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Respiratory Gating for Scanners (RGSC) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Observability by Wavefront Nozzle cves: cve-2021-4104: investigated: false @@ -84914,10 +91068,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 3.x + - 2.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -84929,13 +91084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu Operations Manager cves: cve-2021-4104: investigated: false @@ -84945,7 +91100,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84959,13 +91114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Article: 000038850 on MyVarian' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: SmartConnect solution Policy Server + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Tanzu SQL with MySQL for VMs cves: cve-2021-4104: investigated: false @@ -84975,7 +91130,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 2.x + - 1.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -84989,13 +91145,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: 'See Knowledge Articles: 000038831 and 000038832 on MyVarian' + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: TrueBeam radiotherapy system + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Telco Cloud Automation cves: cve-2021-4104: investigated: false @@ -85004,10 +91160,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.x + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85019,13 +91176,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: UNIQUE system + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Unified Access Gateway cves: cve-2021-4104: investigated: false @@ -85033,9 +91190,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 21.x + - 20.x + - 3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85049,13 +91208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vCenter Cloud Gateway cves: cve-2021-4104: investigated: false @@ -85064,10 +91223,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 1.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85079,13 +91238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Managed Services Cloud + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Automation cves: cve-2021-4104: investigated: false @@ -85093,9 +91252,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 8.x + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85109,13 +91269,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Varian Mobile App + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -85124,11 +91284,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x fixed_versions: [] - unaffected_versions: - - '2.0' - - '2.5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85140,13 +91299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VariSeed + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Log Insight cves: cve-2021-4104: investigated: false @@ -85155,10 +91314,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85170,13 +91329,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Velocity + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations cves: cve-2021-4104: investigated: false @@ -85185,10 +91344,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85200,13 +91359,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: VitalBeam radiotherapy system + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Operations Cloud Proxy cves: cve-2021-4104: investigated: false @@ -85215,10 +91374,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Any fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85230,13 +91389,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Vitesse + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware vRealize Orchestrator cves: cve-2021-4104: investigated: false @@ -85245,10 +91404,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.x + - 7.x fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -85260,13 +91420,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access cves: cve-2021-4104: investigated: false @@ -85274,9 +91434,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 21.x + - 20.10.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85290,13 +91451,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) cves: cve-2021-4104: investigated: false @@ -85304,9 +91465,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - All + - 21.x + - 20.10.x + - 19.03.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85320,41 +91483,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: VArmour - product: '' + last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility - notes: '' + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varnish Software + last_updated: '2022-01-17T00:00:00' + - vendor: Vyaire product: '' cves: cve-2021-4104: @@ -85378,13 +91542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.varnish-software.com/security/CVE-2021-44228-45046/ + - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Varonis - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: WAGO + product: WAGO Smart Script cves: cve-2021-4104: investigated: false @@ -85392,9 +91556,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x < 4.8.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -85407,13 +91572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228 + - https://www.wago.com/de/automatisierungstechnik/psirt#log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Veeam - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Wallarm + product: All cves: cve-2021-4104: investigated: false @@ -85436,13 +91601,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veeam.com/kb4254 + - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Venafi - product: '' + - vendor: Wallix + product: Access Manager cves: cve-2021-4104: investigated: false @@ -85450,9 +91615,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -85465,13 +91631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice - notes: '' + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Veritas NetBackup - product: '' + - vendor: Wasp Barcode technologies + product: All cves: cve-2021-4104: investigated: false @@ -85494,13 +91660,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.veritas.com/content/support/en_US/article.100052070 + - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Vertica - product: '' + - vendor: Watcher + product: All cves: cve-2021-4104: investigated: false @@ -85508,10 +91674,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85523,43 +91690,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used + - https://twitter.com/felix_hrn/status/1470387338001977344 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Video Insight Inc. - product: Video Insight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability - notes: Video Insight is a part of Panasonic I-Pro. + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' references: - '' - last_updated: '2022-01-19T00:00:00' - - vendor: Viso Trust - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension cves: cve-2021-4104: investigated: false @@ -85567,10 +91734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85582,13 +91750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492 + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: VMware - product: API Portal for VMware Tanzu + - vendor: WatchGuard + product: EDPR and Panda AD360 cves: cve-2021-4104: investigated: false @@ -85597,10 +91765,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85612,13 +91780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: App Metrics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox cves: cve-2021-4104: investigated: false @@ -85627,10 +91795,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85642,13 +91810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Healthwatch for Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -85657,11 +91825,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -85673,13 +91840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Single Sign-On for VMware Tanzu Application Service + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -85688,9 +91855,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -85703,13 +91870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for Kubernetes + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud cves: cve-2021-4104: investigated: false @@ -85718,9 +91885,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -85733,13 +91900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Gateway for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Western Digital + product: '' cves: cve-2021-4104: investigated: false @@ -85747,9 +91914,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -85763,13 +91929,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: Spring Cloud Services for VMware Tanzu + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WIBU Systems + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -85778,9 +91944,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -85793,13 +91959,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf notes: '' references: - - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: WIBU Systems + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -85808,11 +91974,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 1.30 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -85825,292 +91989,322 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' + - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + notes: Only the Password Manager is affected references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows + last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 6.7.x - - 6.5.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Carbon Black Cloud Workload Appliance + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 1.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Carbon Black EDR Server + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 7.x - - 6.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Cloud Foundation + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware HCX + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 4.x - - 3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - - '[VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073)' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: VMware Horizon Cloud Connector + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 1.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Horizon DaaS + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 9.1.x - - 9.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Identity Manager + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true - affected_versions: - - 3.3.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware NSX-T Data Centern + last_updated: '2022-01-21T00:00:00' + - vendor: WireShark + product: All cves: cve-2021-4104: investigated: false @@ -86119,11 +92313,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86135,13 +92328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Site Recovery Manager + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Wistia + product: All cves: cve-2021-4104: investigated: false @@ -86149,9 +92342,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 8.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86165,13 +92357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://status.wistia.com/incidents/jtg0dfl5l224 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Application Service for VMs + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WitFoo + product: Precinct cves: cve-2021-4104: investigated: false @@ -86179,10 +92371,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.x - fixed_versions: [] + investigated: false + affected_versions: [] + fixed_versions: + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -86195,13 +92387,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu GemFire + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WordPress + product: All cves: cve-2021-4104: investigated: false @@ -86210,11 +92403,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.x - - 8.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86226,13 +92418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Greenplum + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Worksphere + product: All cves: cve-2021-4104: investigated: false @@ -86240,9 +92432,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86256,13 +92447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Kubernetes Grid Integrated Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wowza + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -86271,9 +92462,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -86286,13 +92478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Observability by Wavefront Nozzle + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WSO2 + product: API Manager cves: cve-2021-4104: investigated: false @@ -86301,10 +92493,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.x - - 2.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 3.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86317,13 +92508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu Operations Manager + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics cves: cve-2021-4104: investigated: false @@ -86332,9 +92523,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 2.6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86347,13 +92538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Tanzu SQL with MySQL for VMs + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator cves: cve-2021-4104: investigated: false @@ -86362,10 +92553,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 6.1.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86378,13 +92568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Telco Cloud Automation + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics cves: cve-2021-4104: investigated: false @@ -86393,10 +92583,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.x - - 1.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 6.6.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86409,13 +92598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Unified Access Gateway + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server cves: cve-2021-4104: investigated: false @@ -86424,11 +92613,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.x - - 3.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 5.9.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86441,13 +92628,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vCenter Cloud Gateway + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics cves: cve-2021-4104: investigated: false @@ -86456,9 +92643,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 1.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 5.7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86471,13 +92658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Automation + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager cves: cve-2021-4104: investigated: false @@ -86486,10 +92673,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 5.9.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86502,13 +92688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Lifecycle Manager + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway cves: cve-2021-4104: investigated: false @@ -86517,9 +92703,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 3.2.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86532,13 +92718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Log Insight + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator cves: cve-2021-4104: investigated: false @@ -86547,9 +92733,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 1.1.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86562,13 +92748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard cves: cve-2021-4104: investigated: false @@ -86577,9 +92763,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86592,13 +92778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Operations Cloud Proxy + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard cves: cve-2021-4104: investigated: false @@ -86607,9 +92793,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Any - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86622,13 +92808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware vRealize Orchestrator + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM cves: cve-2021-4104: investigated: false @@ -86637,10 +92823,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.x - - 7.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 2.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86653,13 +92838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI cves: cve-2021-4104: investigated: false @@ -86668,10 +92853,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 1.3.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86684,13 +92868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: VMware Workspace ONE Access Connector (VMware Identity Manager Connector) + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM cves: cve-2021-4104: investigated: false @@ -86699,11 +92883,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.x - - 20.10.x - - 19.03.0.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 2.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86716,43 +92898,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: VTScada - product: All + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vtscada.com/vtscada-unaffected-by-log4j/ - notes: Java is not utilized within VTScada software, and thus our users are unaffected. + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Vyaire - product: '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling cves: cve-2021-4104: investigated: false @@ -86760,9 +92942,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>= 1.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86775,13 +92958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WAGO - product: WAGO Smart Script + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor cves: cve-2021-4104: investigated: false @@ -86790,9 +92973,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.2.x < 4.8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '>= 4.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86805,12 +92988,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wago.com/de/automatisierungstechnik/psirt#log4j - notes: '' + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Wallarm + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: XCP-ng product: '' cves: cve-2021-4104: @@ -86834,12 +93017,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://lab.wallarm.com/cve-2021-44228-mitigation-update/ + - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wasp Barcode technologies + - vendor: XenForo product: '' cves: cve-2021-4104: @@ -86863,13 +93046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no + - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WatchGuard - product: Secplicity + - vendor: Xerox + product: '' cves: cve-2021-4104: investigated: false @@ -86892,12 +93075,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Western Digital + - vendor: XPertDoc product: '' cves: cve-2021-4104: @@ -86921,13 +93104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis + - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WIBU Systems - product: CodeMeter Cloud Lite + - vendor: XPLG + product: '' cves: cve-2021-4104: investigated: false @@ -86935,9 +93118,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2.2 and prior + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86951,13 +93133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf + - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: XWIKI + product: '' cves: cve-2021-4104: investigated: false @@ -86965,9 +93147,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.30 and prior + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -86981,286 +93162,245 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Wind River - product: LTS17 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xylem + product: Aquatalk cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS18 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Avensor cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS19 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Configuration change complete cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: LTS21 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Analytics cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wind River - product: WRL-6 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-7 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-8 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus FieldLogic LogServer cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually - activate the JMSAppender component. + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: Wind River - product: WRL-9 + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus Lighting Control cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' - - vendor: WireShark - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -87283,13 +93423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wistia - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus RNI On Prem cves: cve-2021-4104: investigated: false @@ -87297,8 +93437,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -87312,13 +93455,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.wistia.com/incidents/jtg0dfl5l224 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WitFoo - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -87326,8 +93469,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -87341,13 +93487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WordPress - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -87370,13 +93516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/ + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Worksphere - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -87399,13 +93545,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228 + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Wowza - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false @@ -87428,13 +93574,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: WSO2 - product: WSO2 Enterprise Integrator + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Xylem Cloud cves: cve-2021-4104: investigated: false @@ -87442,9 +93588,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 6.1.0 and above + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -87458,13 +93603,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XCP-ng - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Xylem + product: Xylem Edge Gateway (xGW) cves: cve-2021-4104: investigated: false @@ -87487,41 +93632,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact + - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XenForo - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: Yahoo + product: Vespa cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/ - notes: '' + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Xerox + - vendor: Yellowbrick product: '' cves: cve-2021-4104: @@ -87545,13 +93695,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XPertDoc - product: '' + - vendor: YellowFin + product: All cves: cve-2021-4104: investigated: false @@ -87559,9 +93709,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -87574,13 +93725,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727 - notes: '' + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XPLG - product: '' + - vendor: Yenlo + product: Connext cves: cve-2021-4104: investigated: false @@ -87588,10 +93740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -87603,13 +93756,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/ - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: XWIKI - product: '' + - vendor: YOKOGAWA + product: CENTUM VP cves: cve-2021-4104: investigated: false @@ -87632,13 +93786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557 - notes: '' + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Xylem - product: Aquatalk + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -87646,10 +93800,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87661,13 +93816,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf - notes: '' + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Avensor + - vendor: YOKOGAWA + product: CI Server cves: cve-2021-4104: investigated: false @@ -87675,10 +93831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87690,13 +93847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Configuration change complete + - vendor: YOKOGAWA + product: Exaopc cves: cve-2021-4104: investigated: false @@ -87704,10 +93861,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87719,13 +93877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Analytics + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -87733,10 +93891,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87748,13 +93907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Automation Control Configuration change complete + - vendor: YOKOGAWA + product: Exaquantum cves: cve-2021-4104: investigated: false @@ -87762,10 +93921,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87777,13 +93937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + - vendor: YOKOGAWA + product: FAST/TOOLS cves: cve-2021-4104: investigated: false @@ -87791,10 +93951,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87806,13 +93967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus FieldLogic LogServer + - vendor: YOKOGAWA + product: PRM cves: cve-2021-4104: investigated: false @@ -87820,10 +93981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87835,13 +93997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus Lighting Control + - vendor: YOKOGAWA + product: ProSafe-RS cves: cve-2021-4104: investigated: false @@ -87849,10 +94011,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87864,13 +94027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + - vendor: YOKOGAWA + product: ProSafe-RS Lite cves: cve-2021-4104: investigated: false @@ -87878,10 +94041,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87893,13 +94057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus RNI On Prem + - vendor: YOKOGAWA + product: STARDOM cves: cve-2021-4104: investigated: false @@ -87908,12 +94072,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87925,13 +94087,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus RNI Saas + - vendor: YOKOGAWA + product: VTSPortal cves: cve-2021-4104: investigated: false @@ -87940,12 +94102,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87957,13 +94117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Sensus SCS + - vendor: YSoft + product: SAFEQ 4 cves: cve-2021-4104: investigated: false @@ -87971,10 +94131,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -87986,13 +94147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Smart Irrigation + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 cves: cve-2021-4104: investigated: false @@ -88000,10 +94161,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -88015,13 +94177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Water Loss Management (Visenti) + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 cves: cve-2021-4104: investigated: false @@ -88029,10 +94191,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -88044,13 +94208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Xylem Cloud + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Zabbix + product: '' cves: cve-2021-4104: investigated: false @@ -88073,13 +94237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Xylem - product: Xylem Edge Gateway (xGW) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ZAMMAD + product: '' cves: cve-2021-4104: investigated: false @@ -88102,12 +94266,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf + - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Yellowbrick + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zaproxy product: '' cves: cve-2021-4104: @@ -88131,12 +94295,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability + - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: YellowFin + - vendor: Zebra product: '' cves: cve-2021-4104: @@ -88160,23 +94324,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: YOKOGAWA - product: '' + - vendor: Zeiss + product: Cataract Suite cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -88189,23 +94355,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.6, 1.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -88218,23 +94386,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Zabbix - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.2.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88247,23 +94417,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ZAMMAD - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88276,23 +94448,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Zaproxy - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88305,23 +94479,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Zebra - product: '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.5.x, 2.6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -88334,11 +94510,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html - notes: '' + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: @@ -88431,34 +94607,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -88546,29 +94825,66 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' @@ -88663,13 +94979,80 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -88678,15 +95061,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: '' diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f569214..17499a2 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,6 +475,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5cb247d..8368b2e 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -216,10 +216,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +236,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: @@ -245,9 +246,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -264,7 +266,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Outlook® Safety Infusion System Pump family cves: @@ -274,10 +276,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +296,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pinnacle® Compounder cves: @@ -303,10 +306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -322,7 +326,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pump, SpaceStation, and Space® Wireless Battery) cves: @@ -332,10 +336,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +356,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion @@ -362,10 +367,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -381,7 +387,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: @@ -760,7 +766,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: '' + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -768,10 +774,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -787,7 +824,2018 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 696782e..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -129,10 +129,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -145,10 +146,10 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -158,10 +159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -177,9 +179,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -187,10 +189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -206,7 +209,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -216,10 +219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -245,10 +249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -264,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -274,10 +279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -303,10 +309,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -322,9 +359,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -332,10 +369,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +419,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 1578987..687ac2d 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4524,7 +4524,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4532,10 +4532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4551,7 +4552,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam product: '' cves: diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 8598911..adcaaab 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2033,6 +2033,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 88012b6..65b7c07 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -66,6 +66,549 @@ software: last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Asset Performance Management (APM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Genesys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoServer + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghidra + product: All cves: cve-2021-4104: investigated: false @@ -88,13 +631,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander cves: cve-2021-4104: investigated: false @@ -102,10 +645,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -117,14 +661,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -132,9 +675,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <5.13.01.02 unaffected_versions: [] cve-2021-45046: investigated: false @@ -147,14 +691,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -162,9 +706,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - GitHub.com and GitHub Enterprise Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -177,14 +722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service + last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server cves: cve-2021-4104: investigated: false @@ -192,9 +736,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -207,13 +755,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: All cves: cve-2021-4104: investigated: false @@ -221,10 +769,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -236,14 +785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -251,10 +799,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -266,13 +815,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys - product: '' + - vendor: GitLab + product: Dependency Scanning cves: cve-2021-4104: investigated: false @@ -280,9 +829,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -295,13 +845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer - product: '' + - vendor: GitLab + product: Gemnasium-Maven cves: cve-2021-4104: investigated: false @@ -309,9 +859,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -324,13 +875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: GitLab + product: PMD OSS cves: cve-2021-4104: investigated: false @@ -338,9 +889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -353,13 +905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GitLab + product: SAST cves: cve-2021-4104: investigated: false @@ -367,9 +919,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -382,13 +935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra - product: '' + - vendor: GitLab + product: Spotbugs cves: cve-2021-4104: investigated: false @@ -396,9 +949,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -411,13 +965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager + - vendor: Globus + product: All cves: cve-2021-4104: investigated: false @@ -425,9 +979,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <5.13.01.02 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -441,14 +994,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GoAnywhere + product: Agents cves: cve-2021-4104: investigated: false @@ -459,7 +1011,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -472,13 +1024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway cves: cve-2021-4104: investigated: false @@ -486,9 +1038,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -501,13 +1054,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus - product: '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: MFT cves: cve-2021-4104: investigated: false @@ -515,9 +1068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -530,13 +1084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Gateway + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -546,7 +1100,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.8.4 + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -561,12 +1115,12 @@ software: unaffected_versions: [] vendor_links: - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - notes: '' + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. references: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: MFT + product: Open PGP Studio cves: cve-2021-4104: investigated: false @@ -575,9 +1129,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -596,7 +1150,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: MFT Agents + product: Suveyor/400 cves: cve-2021-4104: investigated: false @@ -605,10 +1159,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -626,7 +1180,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -666,7 +1220,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -693,10 +1248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -723,10 +1279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -755,10 +1312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -785,10 +1343,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -815,10 +1374,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -845,10 +1405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +1439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -908,10 +1470,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -938,10 +1501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -968,10 +1532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,10 +1563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,10 +1598,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1062,10 +1629,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1092,10 +1660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1127,10 +1696,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1160,10 +1730,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,10 +1764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1223,10 +1795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,10 +1826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1283,10 +1857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1343,10 +1919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1373,10 +1950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1403,10 +1981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1433,10 +2012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1463,10 +2043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1493,10 +2074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1524,10 +2106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1554,10 +2137,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1584,10 +2168,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1614,10 +2199,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1644,10 +2230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1674,10 +2261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1707,10 +2295,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1737,10 +2326,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1772,10 +2362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1802,10 +2393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1832,10 +2424,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1862,10 +2455,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1892,10 +2486,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1922,10 +2517,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1952,10 +2548,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1982,10 +2579,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2015,10 +2613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2045,10 +2644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2075,10 +2675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2105,10 +2706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2135,10 +2737,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2165,10 +2768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2195,10 +2799,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2225,10 +2830,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2255,10 +2861,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2285,10 +2892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2315,10 +2923,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2348,10 +2957,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2381,10 +2991,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2411,10 +3022,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2441,10 +3053,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2474,10 +3087,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2504,10 +3118,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2534,10 +3149,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2564,10 +3180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2594,10 +3211,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2624,10 +3242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2654,10 +3273,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2684,10 +3304,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2714,10 +3335,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2744,10 +3366,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2774,10 +3397,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2804,10 +3428,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2834,10 +3459,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2866,10 +3492,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2896,10 +3523,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2926,10 +3554,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2956,10 +3585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2988,10 +3618,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,10 +3652,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3051,10 +3683,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3085,10 +3718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3117,10 +3751,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3150,10 +3785,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3180,10 +3816,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3210,10 +3847,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3240,10 +3878,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3270,10 +3909,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3300,10 +3940,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3330,10 +3971,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3362,10 +4004,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3392,10 +4035,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3422,10 +4066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3452,10 +4097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3482,10 +4128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3512,10 +4159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3542,10 +4190,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3575,10 +4224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3605,10 +4255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3635,10 +4286,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3665,10 +4317,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3695,10 +4348,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3732,10 +4386,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3762,10 +4417,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3792,10 +4448,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3822,10 +4479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3855,10 +4513,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3885,10 +4544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3915,10 +4575,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3945,10 +4606,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3975,10 +4637,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4005,10 +4668,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4038,10 +4702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4068,10 +4733,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4098,10 +4764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4128,10 +4795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4158,10 +4826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4188,10 +4857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4218,10 +4888,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4248,10 +4919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4278,10 +4950,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4308,10 +4981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4338,10 +5012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4368,10 +5043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4398,10 +5074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4428,10 +5105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4458,10 +5136,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4488,10 +5167,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4518,10 +5198,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4548,10 +5229,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4578,10 +5260,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4608,10 +5291,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4630,7 +5314,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4638,10 +5322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4668,9 +5353,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 2021.3.6 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4698,9 +5383,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 10.1 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4728,9 +5413,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 1.6.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -4749,7 +5434,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4757,10 +5442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4778,7 +5464,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5016,8 +5702,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5025,10 +5711,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5040,13 +5727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5054,9 +5741,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5069,8 +5760,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5084,9 +5777,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5105,7 +5798,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5113,10 +5806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5162,8 +5856,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.1.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 7149f4a..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,8 +62,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,7 +152,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS cves: cve-2021-4104: investigated: false @@ -100,10 +190,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,9 +240,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue cves: cve-2021-4104: investigated: false @@ -129,10 +250,341 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -149,8 +601,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -175,11 +627,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -187,10 +669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -202,13 +715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -216,10 +729,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -231,13 +776,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -266,7 +811,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -295,7 +840,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 7062f16..5f2d36c 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -4,8 +4,841 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View cves: cve-2021-4104: investigated: false @@ -13,10 +846,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +892,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Qlik - product: '' + product: Replicate cves: cve-2021-4104: investigated: false @@ -42,10 +906,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -61,7 +959,37 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: @@ -72,9 +1000,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.4+ - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -102,9 +1030,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -132,9 +1060,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -183,7 +1111,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -191,10 +1179,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -212,7 +1231,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -240,8 +1259,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -270,7 +1318,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -298,8 +1346,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -307,10 +1385,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b2629d1..74a2c36 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -14,9 +14,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.2.x < 4.8.1.3 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -63,8 +63,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,8 +122,158 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard - product: Secplicity + product: System Manager, Dimension, and Panda AD360 cves: cve-2021-4104: investigated: false @@ -101,10 +281,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -116,7 +357,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' @@ -160,9 +401,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.2 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -190,9 +431,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 1.30 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -210,6 +451,42 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: Wind River product: LTS17 cves: @@ -484,7 +761,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: WireShark - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -492,10 +769,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -507,13 +785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Wistia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -542,7 +820,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo - product: '' + product: Precinct cves: cve-2021-4104: investigated: false @@ -552,7 +830,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -566,12 +845,13 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: '' + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -579,10 +859,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -600,7 +881,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -629,7 +910,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza - product: '' + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -637,9 +918,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -658,7 +941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 - product: WSO2 Enterprise Integrator + product: API Manager cves: cve-2021-4104: investigated: false @@ -667,10 +950,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -683,8 +996,458 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' ... diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index cc2fe73..006fd08 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,6 +4,40 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: @@ -34,7 +68,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -42,10 +76,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +123,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA - product: '' + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -71,10 +167,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -91,8 +219,188 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YOKOGAWA + product: Exaopc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaplog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: FAST/TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS Lite cves: cve-2021-4104: investigated: false @@ -100,10 +408,101 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,5 +518,66 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' ... diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 0b56595..9cc36a6 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -133,7 +133,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.3.1' + - 1.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -164,7 +164,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.6, 1.8' + - 1.6, 1.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -195,7 +195,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.2.x' + - 4.2.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -226,7 +226,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.5.x' + - 3.5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -257,7 +257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.x' + - 1.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -288,7 +288,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.5.x, 2.6.x' + - 2.5.x, 2.6.x unaffected_versions: [] cve-2021-45046: investigated: false