From 060c50db05f934410ba53a88c59d443b8ceadfb6 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 31 Jan 2022 16:00:10 -0700 Subject: [PATCH 01/55] Update cisagov_B.yml Updated BBraun status, updated Beckman Coulter --- data/cisagov_B.yml | 860 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 840 insertions(+), 20 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5cb247d..d2ddc7f 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -216,10 +216,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +236,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: @@ -245,9 +246,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false @@ -264,7 +266,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Outlook® Safety Infusion System Pump family cves: @@ -274,10 +276,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +296,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pinnacle® Compounder cves: @@ -303,10 +306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -322,7 +326,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pump, SpaceStation, and Space® Wireless Battery) cves: @@ -332,10 +336,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +356,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion @@ -362,10 +367,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -381,7 +387,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: @@ -760,7 +766,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: '' + product: Access 2, Unicel DxI 600, Unicel DxI 800 (Immunoassay Systems) cves: cve-2021-4104: investigated: false @@ -768,10 +774,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxC700AU, AU480, AU640, AU680, AU 2700, AU5400, AU5800, AU5800 (Chemistry Systems) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -787,7 +824,790 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600, Unicel DxC 800 (Chemistry Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300, PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService, RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: + - 'Patch' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: + - 'Workaround' + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500/520/560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600, 800, SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900, 690T, SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX, HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500, LH750, LH780, LH785, LH Slidemaker, LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family, Ac•T 5diff (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL, iQ Workcell, iChemVELOCITY, iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm, DxUc, DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express, Power Processor, Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200, 1250, 2500, 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000, DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw, Intelligent Sample Banking ISB, Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI, WalkAway 96 SI, WalkAway 40 plus, WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040, DxM WalkAway 1096, DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: From 6357717f67e726486f35aa54624f6c47d1d4e791 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:34:52 +0000 Subject: [PATCH 02/55] Update the software list --- SOFTWARE-LIST.md | 16 +- data/cisagov.yml | 439 ++++++++++++++++++++++++++++++++++++++++++--- data/cisagov_Z.yml | 12 +- 3 files changed, 437 insertions(+), 30 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 45a5a86..e002271 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3004,15 +3004,27 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zebra | | | | Unknown | [link](https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zeiss | Cataract Suite | | 1.3.1 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | EQ Workplace | | 1.6, 1.8 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | FORUM | | 4.2.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Glaucoma Workplace | | 3.5.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Laser Treatment Workplace | | 1.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Retina Workplace | | 2.5.x, 2.6.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zendesk | All Products | All Versions | | Affected | [link](https://support.zendesk.com/hc/en-us/articles/4413583476122) | Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Zenoss | | | | Unknown | [link](https://support.zenoss.com/hc/en-us) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zentera Systems, Inc. | CoIP Access Platform | | | Not Affected | [link](https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Zerto | | | | Unknown | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zerto | Cloud Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Cloud Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Replication Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zesty | | | | Unknown | [link](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zimbra | | | | Unknown | [link](https://bugzilla.zimbra.com/show_bug.cgi?id=109428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zix | | | | Unknown | [link](https://status.appriver.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Zoom | | | | Unknown | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zoho | Online | | | Unknown | [link](https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zoom | | | | Not Affected | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZPE systems Inc | | | | Unknown | [link](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zscaler | See Link (Multiple Products) | | | Unknown | [link](https://trust.zscaler.com/posts/9581) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Zyxel | | | | Unknown | [link](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zyxel | All other products | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Zyxel | Netlas Element Management System (EMS) | | | Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Zyxel | Security Firewall/Gateways | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/data/cisagov.yml b/data/cisagov.yml index fec6c78..db38138 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -88339,6 +88339,192 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zeiss + product: Cataract Suite + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.6, 1.8 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.2.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.5.x, 2.6.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: @@ -88431,34 +88617,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -88546,29 +88835,66 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' @@ -88663,13 +88989,80 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -88678,15 +89071,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: '' diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 0b56595..9cc36a6 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -133,7 +133,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.3.1' + - 1.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -164,7 +164,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.6, 1.8' + - 1.6, 1.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -195,7 +195,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.2.x' + - 4.2.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -226,7 +226,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.5.x' + - 3.5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -257,7 +257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.x' + - 1.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -288,7 +288,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.5.x, 2.6.x' + - 2.5.x, 2.6.x unaffected_versions: [] cve-2021-45046: investigated: false From a4200ad0c4bb178887442acb86fc4e3daef394cf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:44:33 -0500 Subject: [PATCH 03/55] Remove whitespace --- data/cisagov_B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index d2ddc7f..6013fc4 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -1127,7 +1127,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter product: DxH 900, 690T, SMS II (Hematology) cves: From 768dc4061d1486665ba23823a78ed90ce8ef9f39 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 11:37:14 -0500 Subject: [PATCH 04/55] Sort and separate products --- data/cisagov_B.yml | 1299 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 1263 insertions(+), 36 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 6013fc4..311f50c 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -766,7 +766,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: Access 2, Unicel DxI 600, Unicel DxI 800 (Immunoassay Systems) + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -796,7 +796,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxC700AU, AU480, AU640, AU680, AU 2700, AU5400, AU5800, AU5800 (Chemistry Systems) + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -826,7 +826,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Unicel DxC 600, Unicel DxC 800 (Chemistry Systems) + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -856,7 +856,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: PK7300, PK7400 (Blood Bank) + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -886,7 +886,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: PROService, RAP Box (Information Systems) + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -915,6 +915,726 @@ software: references: - '' last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter product: DxONE Inventory Manager (Information Systems) cves: @@ -946,7 +1666,277 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxONE Insights (Information Systems) + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -955,11 +1945,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - 'All' - fixed_versions: - - 'Patch' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -972,12 +1991,12 @@ software: unaffected_versions: [] vendor_links: - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Patch has been applied + notes: '' references: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: REMISOL ADVANCE (Information Systems) + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -1007,7 +2026,67 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxONE Command Central (Information Systems) + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) cves: cve-2021-4104: investigated: false @@ -1018,8 +2097,36 @@ software: investigated: true affected_versions: - 'All' - fixed_versions: - - 'Workaround' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] unaffected_versions: - 'All' cve-2021-45046: @@ -1034,12 +2141,12 @@ software: unaffected_versions: [] vendor_links: - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Customers can follow instructions to remove log4j + notes: '' references: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxONE Workflow Manager (Information Systems) + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -1069,7 +2176,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 500/520/560 (Hematology) + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -1099,7 +2206,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 600, 800, SMS (Hematology) + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -1129,7 +2236,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 900, 690T, SMS II (Hematology) + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -1159,7 +2266,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: HmX, HmX AL (Hematology) + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -1189,7 +2296,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH 500, LH750, LH780, LH785, LH Slidemaker, LH Slidestraine (Hematology) + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -1219,7 +2326,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ac•T Family, Ac•T 5diff (Hematology) + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -1249,7 +2356,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: iRICELL, iQ Workcell, iChemVELOCITY, iQ200 (Urinalysis) + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -1279,7 +2386,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxUm, DxUc, DxU Workcell (Urinalysis) + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1309,7 +2416,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Power Express, Power Processor, Power Link (Lab Automation) + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1339,7 +2446,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AutoMate 1200, 1250, 2500, 2550 (Lab Automation) + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1369,7 +2476,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxA 5000, DxA 5000 Fit (Lab Automation) + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -1399,7 +2506,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ipaw, Intelligent Sample Banking ISB, Sorting Drive (Lab Automation) + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -1429,7 +2536,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -1438,10 +2545,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1454,12 +2591,12 @@ software: unaffected_versions: [] vendor_links: - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: The only known instance of vulnerability due to Log4J is using Axeda services + notes: '' references: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: MicroScan autoSCAN-4 (Microbiology) + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1489,7 +2626,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: HighFlexX Software (Microbiology) + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1519,7 +2656,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: WalkAway 40 SI, WalkAway 96 SI, WalkAway 40 plus, WalkAway 96 plus (Microbiology) + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -1549,7 +2686,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxM WalkAway 1040, DxM WalkAway 1096, DxM Autoplak (Microbiology) + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -1579,7 +2716,97 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: IMMAGE 800 (Nephelometry) + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false From 87863c903d5689d9ea40d8d497a343d6913cfa93 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:41:25 +0000 Subject: [PATCH 05/55] Update the software list --- SOFTWARE-LIST.md | 82 +- data/cisagov.yml | 2088 +++++++++++++++++++++++++++++++++++++++++++- data/cisagov_B.yml | 187 ++-- 3 files changed, 2237 insertions(+), 120 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index e002271..88658c9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -202,12 +202,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Barco | | | | Unknown | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Barracuda | | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Baxter | | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Outlook® Safety Infusion System Pump family | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pinnacle® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -221,7 +221,75 @@ NOTE: This file is automatically generated. To submit updates, please refer to | BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Beckman Coulter | | | | Unknown | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU2700 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU480 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5400 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU640 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU680 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1200 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1250 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2500 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2550 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 Fit (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 520 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 560 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 600 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 690T (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 800 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 900 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS II (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM Autoplak (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1040 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1096 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Command Central (Information Systems) | | All | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Customers can follow instructions to remove log4j | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Insights (Information Systems) | | | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Patch has been applied. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Inventory Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Workflow Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxU Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUc (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUm (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HighFlexX Software (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX AL (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iChemVELOCITY (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | IMMAGE 800 (Nephelometry) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Intelligent Sample Banking ISB (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ipaw (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ200 (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iRICELL (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) | All | | Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | The only known instance of vulnerability due to Log4J is using Axeda services | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidemaker (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidestraine (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH750 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH780 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH785 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | MicroScan autoSCAN-4 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7300 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7400 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Express (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Link (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Processor (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PROService (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | RAP Box (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | REMISOL ADVANCE (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Sorting Drive (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 600 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 600 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 800 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beijer Electronics | acirro+ | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BFI frequency inverters | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BSD servo drives | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index db38138..f5148b9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -5446,10 +5446,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5465,7 +5466,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: @@ -5475,9 +5476,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -5494,7 +5496,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Outlook® Safety Infusion System Pump family cves: @@ -5504,10 +5506,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5523,7 +5526,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pinnacle® Compounder cves: @@ -5533,10 +5536,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5552,7 +5556,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pump, SpaceStation, and Space® Wireless Battery) cves: @@ -5562,10 +5566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5581,7 +5586,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion @@ -5592,10 +5597,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5611,7 +5617,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: @@ -5990,7 +5996,37 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: '' + product: Access 2 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -5998,10 +6034,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6017,7 +6084,1988 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 311f50c..8368b2e 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -220,7 +220,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -249,7 +249,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -280,7 +280,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -310,7 +310,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -340,7 +340,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -371,7 +371,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -778,7 +778,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -796,7 +796,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ac•T Family (Hematology) + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -808,7 +808,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -826,7 +826,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ac•T 5diff (Hematology) + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -838,7 +838,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -856,7 +856,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU480 (Chemistry System) + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -868,7 +868,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -886,7 +886,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU640 (Chemistry System) + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -898,7 +898,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -916,7 +916,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU680 (Chemistry System) + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -928,7 +928,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -946,7 +946,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU2700 (Chemistry System) + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -958,7 +958,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -976,7 +976,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU5400 (Chemistry System) + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -988,7 +988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1006,7 +1006,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU5800 (Chemistry System) + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1018,7 +1018,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1048,7 +1048,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1078,7 +1078,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1108,7 +1108,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1138,7 +1138,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1168,7 +1168,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1198,7 +1198,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1228,7 +1228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1258,7 +1258,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1288,7 +1288,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1318,7 +1318,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1336,7 +1336,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 800 (Hematology) + product: DxH 690T (Hematology) cves: cve-2021-4104: investigated: false @@ -1348,7 +1348,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1366,7 +1366,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH SMS (Hematology) + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -1378,7 +1378,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1408,7 +1408,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1426,7 +1426,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 690T (Hematology) + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -1438,7 +1438,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1468,7 +1468,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1498,7 +1498,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1528,7 +1528,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1558,7 +1558,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1587,7 +1587,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1648,7 +1648,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1678,7 +1678,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1708,7 +1708,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1738,7 +1738,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1768,7 +1768,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1798,7 +1798,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1828,7 +1828,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1858,7 +1858,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1888,7 +1888,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1918,7 +1918,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1948,7 +1948,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1978,7 +1978,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1996,7 +1996,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: iQ200 (Urinalysis) + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2008,7 +2008,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2026,7 +2026,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: iQ Workcell (Urinalysis) + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2038,7 +2038,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2068,7 +2068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2086,7 +2086,8 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -2096,7 +2097,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2128,7 +2129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2146,7 +2147,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH750 (Hematology) + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -2158,7 +2159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2176,7 +2177,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH780 (Hematology) + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -2188,7 +2189,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2206,7 +2207,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH785 (Hematology) + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -2218,7 +2219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2236,7 +2237,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH Slidemaker (Hematology) + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -2248,7 +2249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2266,7 +2267,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH Slidestraine (Hematology) + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -2278,7 +2279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2308,7 +2309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2338,7 +2339,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2368,7 +2369,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2398,7 +2399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2428,7 +2429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2458,7 +2459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2488,7 +2489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2518,7 +2519,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2548,7 +2549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2578,7 +2579,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2608,7 +2609,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2638,7 +2639,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2668,7 +2669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2698,7 +2699,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2728,7 +2729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2758,7 +2759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2788,7 +2789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2818,7 +2819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] From 863158f02584055d45e3dae1773d8ab577ab721d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:13:26 -0500 Subject: [PATCH 06/55] Add YSoft entries --- data/cisagov_Y.yml | 91 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index cc2fe73..ad41e58 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,6 +4,97 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<=6.0.63' + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: From 8aca06ccc6785d143aa10b9171bdd0aaf4aa51e1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:26:24 -0500 Subject: [PATCH 07/55] Add Yokogawa Products --- data/cisagov_Y.yml | 417 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 391 insertions(+), 26 deletions(-) diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index ad41e58..79edfbf 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,8 +4,159 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - - vendor: YSoft - product: SAFEQ 4 + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yellowbrick + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YellowFin + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8.0.10.3, 9.7.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YOKOGAWA + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -29,13 +180,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-02-01T07:18:50+00:00' - - vendor: YSoft - product: SAFEQ 5 + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaopc cves: cve-2021-4104: investigated: false @@ -59,13 +240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-02-01T07:18:50+00:00' - - vendor: YSoft - product: SAFEQ 6 + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -75,8 +256,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '<=6.0.63' + fixed_versions: [] unaffected_versions: - '' cve-2021-45046: @@ -90,13 +270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-02-01T07:18:50+00:00' - - vendor: Yellowbrick - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum cves: cve-2021-4104: investigated: false @@ -104,10 +284,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: FAST/TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,13 +330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: YellowFin - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM cves: cve-2021-4104: investigated: false @@ -133,10 +344,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -148,13 +390,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: YOKOGAWA - product: '' + product: ProSafe-RS Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM cves: cve-2021-4104: investigated: false @@ -162,10 +434,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -182,8 +485,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YSoft + product: SAFEQ 4 cves: cve-2021-4104: investigated: false @@ -191,10 +494,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -210,5 +544,36 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<=6.0.63' + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' ... From 27ab8c3cb17d573a35e1251eb539dc1aa1965327 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:30:01 -0500 Subject: [PATCH 08/55] Fix trailing whitespace --- data/cisagov_Y.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index 79edfbf..ea12dca 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -36,7 +36,7 @@ software: notes: Your Vespa application may still be affected if log4j is included in your application package. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: From c1649674e8e5eb09bfca9d2e60b9f9d9b8dfcbc0 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 21:35:23 +0000 Subject: [PATCH 09/55] Update the software list --- SOFTWARE-LIST.md | 21 +- data/cisagov.yml | 474 ++++++++++++++++++++++++++++++++++++++++++++- data/cisagov_Y.yml | 18 +- 3 files changed, 496 insertions(+), 17 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 88658c9..c297288 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3064,10 +3064,25 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YellowFin | | | | Unknown | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YOKOGAWA | | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| YSoft SAFEQ | | | | Unknown | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Yenlo | Connext | | | Not Affected | [link](https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/) | Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YOKOGAWA | CENTUM VP | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CENTUM VP (other components) | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CI Server | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaopc | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaplog | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaquantum | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | FAST/TOOLS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | PRM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS Lite | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | STARDOM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | VTSPortal | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YSoft | SAFEQ 4 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 5 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 6 | | <=6.0.63 | Fixed | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | | Zabbix | | | | Unknown | [link](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index f5148b9..ae96426 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -90155,6 +90155,40 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: @@ -90185,7 +90219,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -90193,10 +90227,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -90208,13 +90274,74 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA - product: '' + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server cves: cve-2021-4104: investigated: false @@ -90222,10 +90349,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaopc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -90242,8 +90400,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -90251,10 +90409,251 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: FAST/TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -90270,7 +90669,68 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' - vendor: Zabbix product: '' cves: diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index ea12dca..006fd08 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -33,7 +33,8 @@ software: - '' vendor_links: - https://blog.vespa.ai/log4j-vulnerability/ - notes: Your Vespa application may still be affected if log4j is included in your application package. + notes: Your Vespa application may still be affected if log4j is included in your + application package. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -78,7 +79,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.0.10.3, 9.7.0.2' + - 8.0.10.3, 9.7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -92,7 +93,8 @@ software: unaffected_versions: [] vendor_links: - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -109,7 +111,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.x' + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -122,7 +124,8 @@ software: unaffected_versions: [] vendor_links: - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ - notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -181,7 +184,8 @@ software: unaffected_versions: [] vendor_links: - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ - notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. references: - '' last_updated: '2021-12-22T00:00:00' @@ -557,7 +561,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<=6.0.63' + - <=6.0.63 unaffected_versions: - '' cve-2021-45046: From e2f22c4620854471129cea0f0016df9fb885a377 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:38:36 -0500 Subject: [PATCH 10/55] Update Google Cloud to BigQuery --- data/cisagov_G.yml | 120 +++++++++++++++++++++++++++------------------ 1 file changed, 72 insertions(+), 48 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 88012b6..753ac03 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -723,10 +724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -755,10 +757,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -785,10 +788,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -815,10 +819,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -845,10 +850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +884,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -908,10 +915,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -938,10 +946,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -968,10 +977,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,10 +1008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,10 +1043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1062,10 +1074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1092,10 +1105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1127,10 +1141,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1160,10 +1175,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,10 +1209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1223,10 +1240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,10 +1271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1283,10 +1302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1343,10 +1364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1373,10 +1395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1403,10 +1426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 14c20608663c9f66655d85bb79c2b8c1425d7d8c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:46:24 -0500 Subject: [PATCH 11/55] Update Google Cloud to CompilerWorks --- data/cisagov_G.yml | 225 +++++++++++++++++++++++++++------------------ 1 file changed, 135 insertions(+), 90 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 753ac03..05a7dfb 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1457,10 +1457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1487,10 +1488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1517,10 +1519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1548,10 +1551,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1578,10 +1582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1608,10 +1613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1638,10 +1644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1668,10 +1675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1698,10 +1706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1731,10 +1740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1761,10 +1771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1796,10 +1807,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1826,10 +1838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1856,10 +1869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1886,10 +1900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1916,10 +1931,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1946,10 +1962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1976,10 +1993,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2006,10 +2024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2039,10 +2058,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2069,10 +2089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2099,10 +2120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2129,10 +2151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2159,10 +2182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2189,10 +2213,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2219,10 +2244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2249,10 +2275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2279,10 +2306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2309,10 +2337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2339,10 +2368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2372,10 +2402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2405,10 +2436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2435,10 +2467,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2465,10 +2498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2498,10 +2532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2528,10 +2563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2558,10 +2594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2588,10 +2625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2618,10 +2656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2648,10 +2687,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2678,10 +2718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2708,10 +2749,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2738,10 +2780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2768,10 +2811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2798,10 +2842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 9f992c4144892df7a884dc39d29e88ef3c06f6fd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 07:59:48 -0500 Subject: [PATCH 12/55] Update Google Cloud through Looker --- data/cisagov_G.yml | 150 +++++++++++++++++++++++++++------------------ 1 file changed, 90 insertions(+), 60 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 05a7dfb..8978cb5 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -2873,10 +2873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2903,10 +2904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2935,10 +2937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2965,10 +2968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2995,10 +2999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3025,10 +3030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3057,10 +3063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3090,10 +3097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3120,10 +3128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3154,10 +3163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3186,10 +3196,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3219,10 +3230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3249,10 +3261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3279,10 +3292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3309,10 +3323,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3339,10 +3354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3369,10 +3385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3399,10 +3416,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3431,10 +3449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3461,10 +3480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3491,10 +3511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3521,10 +3542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3551,10 +3573,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3581,10 +3604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3611,10 +3635,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3644,10 +3669,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3674,10 +3700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3704,10 +3731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3734,10 +3762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3764,10 +3793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 4ef7442b3c5f42dd2659656f1b346c6633da4b7a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:05:56 -0500 Subject: [PATCH 13/55] Finish Google Cloud product updates --- data/cisagov_G.yml | 150 +++++++++++++++++++++++++++------------------ 1 file changed, 90 insertions(+), 60 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 8978cb5..af20044 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -3831,10 +3831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3861,10 +3862,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3891,10 +3893,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3921,10 +3924,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3954,10 +3958,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3984,10 +3989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4014,10 +4020,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4044,10 +4051,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4074,10 +4082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4104,10 +4113,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4137,10 +4147,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4167,10 +4178,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4197,10 +4209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4227,10 +4240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4257,10 +4271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4287,10 +4302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4317,10 +4333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4347,10 +4364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4377,10 +4395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4407,10 +4426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4437,10 +4457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4467,10 +4488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4497,10 +4519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4527,10 +4550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4557,10 +4581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4587,10 +4612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4617,10 +4643,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4647,10 +4674,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4677,10 +4705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4707,10 +4736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From e10830cafac4ed3d70687b1815f3935fb56a3d8e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:12:20 -0500 Subject: [PATCH 14/55] Update Gradle & Grafana products --- data/cisagov_G.yml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index af20044..4c8d896 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -4759,7 +4759,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4767,10 +4767,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4797,9 +4798,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2021.3.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 2021.3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4827,9 +4828,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 10.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 10.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4857,9 +4858,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 1.6.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4878,7 +4879,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4886,10 +4887,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 46331c4c53278fc02a4f3a40f717fa83ad141f09 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:25:14 -0500 Subject: [PATCH 15/55] Update GE Gas Power products --- data/cisagov_G.yml | 55 +++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 4c8d896..2c86e88 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -73,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -88,8 +89,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -102,8 +104,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -117,9 +120,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -132,9 +134,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -147,11 +150,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. references: - - '' + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Control Server @@ -162,8 +166,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -177,9 +182,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -192,9 +196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -207,7 +212,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' From f510000b4d8d4e2edc96fc4779409f7b48f963ed Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:29:04 -0500 Subject: [PATCH 16/55] Fix whitespace --- data/cisagov_G.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 2c86e88..fb5c3eb 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -91,7 +91,7 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -152,7 +152,7 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. references: - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' From 009cb1bf9086ebcbed75f27e9387e33a3ade7b3e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:39:23 -0500 Subject: [PATCH 17/55] Add GE Gas products --- data/cisagov_G.yml | 122 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index fb5c3eb..c3be111 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -187,6 +187,96 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Tag Mapping Service cves: @@ -217,6 +307,38 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. + references: + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: From f25a72682b664eacc73cbd24a38ada41bd227312 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:43:46 -0500 Subject: [PATCH 18/55] Add GeoSolutions --- data/cisagov_G.yml | 60 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index c3be111..6fe4869 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -456,6 +456,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: Geonetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: Gerrit code review product: '' cves: From 7397fea09dab23ec5a5733414ec4ae1eb2bb2b98 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:49:19 -0500 Subject: [PATCH 19/55] Add GFI Software Kerio, small updates --- data/cisagov_G.yml | 50 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 6fe4869..c5746a7 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -340,7 +340,7 @@ software: - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -370,7 +370,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -399,7 +399,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -428,7 +428,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -457,7 +457,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoSolutions - product: Geonetwork + product: GeoNetwork cves: cve-2021-4104: investigated: false @@ -516,8 +516,8 @@ software: references: - '' last_updated: '2021-12-16T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -545,8 +545,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -574,8 +574,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false From 08854031a804a1cab3a7e1f4490aa8791f7f10c9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:58:08 -0500 Subject: [PATCH 20/55] Add GitHub & Gitlab products --- data/cisagov_G.yml | 256 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 250 insertions(+), 6 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index c5746a7..569f308 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -633,6 +633,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -643,9 +673,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <5.13.01.02 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '<5.13.01.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -694,8 +724,41 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.0.22' + - '3.1.14' + - '3.2.6' + - '3.3.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: GitLab - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -703,10 +766,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -718,13 +812,163 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus - product: '' + product: All cves: cve-2021-4104: investigated: false From 70f7b6d21e7200280d9a3141806111ac3fff5dac Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 09:04:31 -0500 Subject: [PATCH 21/55] Add GoAnywhere products --- data/cisagov_G.yml | 104 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 97 insertions(+), 7 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 569f308..8c42f23 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -997,7 +997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: Gateway + product: Agents cves: cve-2021-4104: investigated: false @@ -1006,10 +1006,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Version 2.7.0 or later' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1036,9 +1066,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 5.3.0 or later' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1067,9 +1097,69 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 1.6.5 + - '1.4.2 or later' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 9dc38fcc6ccf7d63f898ebb02147148b1d001032 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 09:14:18 -0500 Subject: [PATCH 22/55] Add Graylog, Update Gravitee --- data/cisagov_G.yml | 96 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 67 insertions(+), 29 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 8c42f23..a2a00f9 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1177,7 +1177,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1217,7 +1217,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -5460,7 +5461,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5501,7 +5502,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5531,7 +5532,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5561,7 +5562,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '1.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5591,7 +5592,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5621,7 +5622,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5651,7 +5652,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5681,7 +5682,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5698,8 +5699,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5707,10 +5708,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5722,13 +5724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5736,9 +5738,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3.15' + - '4.0.14' + - '4.1.9' + - '4.2.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5751,8 +5757,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5766,9 +5773,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'All versions >= 1.2.0 and <= 4.2.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5787,7 +5794,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5795,10 +5802,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5844,8 +5852,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false From 64e126ba2542a7eb7b107eff2c04d4ffcc566bc7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 09:35:35 -0500 Subject: [PATCH 23/55] Fix whitespace --- data/cisagov_G.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index a2a00f9..f0a3cc9 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5759,7 +5759,7 @@ software: vendor_links: - https://www.graylog.org/post/graylog-update-for-log4j notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. + Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' From 4407f83b562853fd80bbb990becbf78160f2a6ec Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 10:02:52 -0500 Subject: [PATCH 24/55] Fix indent issue --- data/cisagov_G.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index f0a3cc9..81be8e1 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1218,7 +1218,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '' cve-2021-45046: investigated: true affected_versions: [] From c5450b3b379b8b5a5e4f514f87d1cc4549750031 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 10:23:32 -0500 Subject: [PATCH 25/55] Revert "Update G products" --- data/cisagov_G.yml | 1540 ++++++++++++-------------------------------- 1 file changed, 410 insertions(+), 1130 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 81be8e1..88012b6 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -73,520 +73,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. - references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: MyFleet - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: OPM Performance Intelligence - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: OPM Performance Planning - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: vCenter - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. - references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoSolutions - product: GeoNetwork - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - 'All' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html - notes: '' - references: - - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: GeoSolutions - product: GeoServer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html - notes: '' - references: - - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: Gerrit Code Review - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI Software - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI Software - product: Kerio Connect - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -599,13 +88,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: GE verifying workaround. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra - product: All + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -628,13 +117,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghisler - product: Total Commander + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -642,41 +132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ghisler.com/whatsnew.htm - notes: Third Party plugins might contain log4j. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '<5.13.01.02' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -688,14 +147,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server cves: cve-2021-4104: investigated: false @@ -703,10 +162,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -719,13 +177,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: The Control Server is Affected via vCenter. There is a fix for vCenter. + Please see below. GE verifying the vCenter fix as proposed by the vendor. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitHub - product: GitHub Enterprise Server + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service cves: cve-2021-4104: investigated: false @@ -733,13 +192,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '3.0.22' - - '3.1.14' - - '3.2.6' - - '3.3.1' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -752,13 +207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: All + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -766,11 +221,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -782,13 +236,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 - notes: '' + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: DAST Analyzer + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: '' cves: cve-2021-4104: investigated: false @@ -796,11 +251,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -812,13 +266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Dependency Scanning + - vendor: Genesys + product: '' cves: cve-2021-4104: investigated: false @@ -826,10 +280,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -842,13 +295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Gemnasium-Maven + - vendor: GeoServer + product: '' cves: cve-2021-4104: investigated: false @@ -856,10 +309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -872,13 +324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: PMD OSS + - vendor: Gerrit code review + product: '' cves: cve-2021-4104: investigated: false @@ -886,10 +338,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -902,13 +353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: SAST + - vendor: GFI + product: '' cves: cve-2021-4104: investigated: false @@ -916,10 +367,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -932,13 +382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Spotbugs + - vendor: Ghidra + product: '' cves: cve-2021-4104: investigated: false @@ -946,10 +396,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -962,13 +411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus - product: All + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -976,8 +425,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <5.13.01.02 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -991,13 +441,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 - notes: '' + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GoAnywhere - product: Agents + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -1008,7 +459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '' + - GitHub.com and GitHub Enterprise Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -1021,13 +472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: Gateway + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: '' cves: cve-2021-4104: investigated: false @@ -1035,10 +486,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Version 2.7.0 or later' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1051,13 +501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://forum.gitlab.com/t/cve-2021-4428/62763 notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: '' cves: cve-2021-4104: investigated: false @@ -1065,10 +515,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Version 5.3.0 or later' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1081,13 +530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: MFT Agents + product: Gateway cves: cve-2021-4104: investigated: false @@ -1097,7 +546,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1.4.2 or later' + - < 2.8.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1112,12 +561,12 @@ software: unaffected_versions: [] vendor_links: - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + notes: '' references: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Open PGP Studio + product: MFT cves: cve-2021-4104: investigated: false @@ -1126,9 +575,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '' + affected_versions: + - < 6.8.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1147,7 +596,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Suveyor/400 + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -1156,10 +605,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - < 1.6.5 fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1177,7 +626,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -1217,8 +666,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] @@ -1245,11 +693,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1276,11 +723,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1309,11 +755,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1340,11 +785,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1371,11 +815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1402,11 +845,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1436,11 +878,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1467,11 +908,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1498,11 +938,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1529,11 +968,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1560,11 +998,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1595,11 +1032,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1626,11 +1062,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1657,11 +1092,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1693,11 +1127,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1727,11 +1160,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1761,11 +1193,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1792,11 +1223,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1823,11 +1253,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1854,11 +1283,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1885,11 +1313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1916,11 +1343,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1947,11 +1373,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1978,11 +1403,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2009,11 +1433,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2040,11 +1463,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2071,11 +1493,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2103,11 +1524,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2134,11 +1554,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2165,11 +1584,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2196,11 +1614,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2227,11 +1644,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2258,11 +1674,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2292,11 +1707,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2323,11 +1737,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2359,11 +1772,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2390,11 +1802,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2421,11 +1832,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2452,11 +1862,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2483,11 +1892,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2514,11 +1922,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2545,11 +1952,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2576,11 +1982,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2610,11 +2015,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2641,11 +2045,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2672,11 +2075,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2703,11 +2105,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2734,11 +2135,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2765,11 +2165,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2796,11 +2195,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2827,11 +2225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2858,11 +2255,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2889,11 +2285,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2920,11 +2315,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2954,11 +2348,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2988,11 +2381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3019,11 +2411,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3050,11 +2441,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3084,11 +2474,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3115,11 +2504,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3146,11 +2534,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3177,11 +2564,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3208,11 +2594,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3239,11 +2624,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3270,11 +2654,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3301,11 +2684,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3332,11 +2714,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3363,11 +2744,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3394,11 +2774,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3425,11 +2804,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3456,11 +2834,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3489,11 +2866,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3520,11 +2896,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3551,11 +2926,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3582,11 +2956,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3615,11 +2988,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3649,11 +3021,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3680,11 +3051,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3715,11 +3085,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3748,11 +3117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3782,11 +3150,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3813,11 +3180,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3844,11 +3210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3875,11 +3240,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3906,11 +3270,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3937,11 +3300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3968,11 +3330,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4001,11 +3362,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4032,11 +3392,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4063,11 +3422,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4094,11 +3452,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4125,11 +3482,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4156,11 +3512,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4187,11 +3542,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4221,11 +3575,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4252,11 +3605,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4283,11 +3635,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4314,11 +3665,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4345,11 +3695,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4383,11 +3732,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4414,11 +3762,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4445,11 +3792,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4476,11 +3822,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4510,11 +3855,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4541,11 +3885,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4572,11 +3915,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4603,11 +3945,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4634,11 +3975,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4665,11 +4005,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4699,11 +4038,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4730,11 +4068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4761,11 +4098,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4792,11 +4128,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4823,11 +4158,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4854,11 +4188,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4885,11 +4218,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4916,11 +4248,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4947,11 +4278,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4978,11 +4308,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5009,11 +4338,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5040,11 +4368,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5071,11 +4398,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5102,11 +4428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5133,11 +4458,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5164,11 +4488,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5195,11 +4518,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5226,11 +4548,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5257,11 +4578,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5288,11 +4608,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5311,7 +4630,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: All + product: Gradle cves: cve-2021-4104: investigated: false @@ -5319,11 +4638,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5350,9 +4668,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '< 2021.3.6' + affected_versions: + - < 2021.3.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5380,9 +4698,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '< 10.1' + affected_versions: + - < 10.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5410,9 +4728,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '< 1.6.2' + affected_versions: + - < 1.6.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5431,7 +4749,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -5439,11 +4757,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5461,7 +4778,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -5502,7 +4819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5532,7 +4849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5562,7 +4879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.5.x' + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5592,7 +4909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5622,7 +4939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5652,7 +4969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5682,7 +4999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5699,8 +5016,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: All + - vendor: Gravitee.io + product: '' cves: cve-2021-4104: investigated: false @@ -5708,11 +5025,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5724,13 +5040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: Gravwell products do not use Java. + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Graylog - product: All + - vendor: Gravwell + product: '' cves: cve-2021-4104: investigated: false @@ -5738,13 +5054,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '3.3.15' - - '4.0.14' - - '4.1.9' - - '4.2.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5757,9 +5069,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j - notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5773,9 +5084,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 'All versions >= 1.2.0 and <= 4.2.2' + affected_versions: + - All versions >= 1.2.0 and <= 4.2.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5794,7 +5105,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -5802,11 +5113,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5852,38 +5162,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: GuardedBox - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '3.1.2' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://twitter.com/GuardedBox/status/1469739834117799939 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: All + product: '' cves: cve-2021-4104: investigated: false From de8890bbafec820dfff0bf973d816b4284220bd5 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 10:56:53 -0700 Subject: [PATCH 26/55] Update cisagov_A.yml Added AMD --- data/cisagov_A.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f569214..c126c8c 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,6 +475,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: From ffe2d26e7c563a543e26e1584726d16e1f43063b Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 18:00:37 +0000 Subject: [PATCH 27/55] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 30 ++++++++++++++++++++++++++++++ data/cisagov_A.yml | 2 +- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index c297288..5b77580 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -45,6 +45,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/data/cisagov.yml b/data/cisagov.yml index ae96426..d4ac0f4 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -656,6 +656,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index c126c8c..17499a2 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -488,7 +488,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] From 491e68cfeb1cc7241eae3c2bd905fcb4bf9d4e3a Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 12:02:54 -0700 Subject: [PATCH 28/55] Update cisagov_F.yml Added Fuji Electric --- data/cisagov_F.yml | 242 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 242 insertions(+) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 8598911..c615dad 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2033,6 +2033,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'Version 5' + - 'Version 6' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'Version 3' + - 'Version 4' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: From 73c63db04c143399ee94da0a13860a3aaaadb5c5 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 13:10:56 -0700 Subject: [PATCH 29/55] Update cisagov_C.yml updated and added Canon products --- data/cisagov_C.yml | 116 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 92 insertions(+), 24 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 696782e..d53c7de 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -129,8 +129,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -148,7 +149,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -158,10 +159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -177,9 +179,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -187,10 +189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -206,7 +209,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -216,10 +219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -245,10 +249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -264,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -274,10 +279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -303,8 +309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -322,7 +329,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: XR Medical Imaging Products cves: @@ -332,10 +339,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Eye-Care Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +389,37 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Canon DR Products CXDI_NE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: Such as Omnera, FlexPro, Soltus + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: From 38fd455e7c9aa393442b332c13ec592fdf04471f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 15:42:33 -0500 Subject: [PATCH 30/55] Update Google Cloud products --- data/cisagov_G.yml | 645 +++++++++++++++++++++++++++------------------ 1 file changed, 387 insertions(+), 258 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 88012b6..af20044 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -723,10 +724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -755,10 +757,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -785,10 +788,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -815,10 +819,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -845,10 +850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +884,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -908,10 +915,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -938,10 +946,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -968,10 +977,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,10 +1008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,10 +1043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1062,10 +1074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1092,10 +1105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1127,10 +1141,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1160,10 +1175,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,10 +1209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1223,10 +1240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,10 +1271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1283,10 +1302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1343,10 +1364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1373,10 +1395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1403,10 +1426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1433,10 +1457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1463,10 +1488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1493,10 +1519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1524,10 +1551,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1554,10 +1582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1584,10 +1613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1614,10 +1644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1644,10 +1675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1674,10 +1706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1707,10 +1740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1737,10 +1771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1772,10 +1807,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1802,10 +1838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1832,10 +1869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1862,10 +1900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1892,10 +1931,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1922,10 +1962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1952,10 +1993,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1982,10 +2024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2015,10 +2058,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2045,10 +2089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2075,10 +2120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2105,10 +2151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2135,10 +2182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2165,10 +2213,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2195,10 +2244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2225,10 +2275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2255,10 +2306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2285,10 +2337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2315,10 +2368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2348,10 +2402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2381,10 +2436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2411,10 +2467,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2441,10 +2498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2474,10 +2532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2504,10 +2563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2534,10 +2594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2564,10 +2625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2594,10 +2656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2624,10 +2687,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2654,10 +2718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2684,10 +2749,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2714,10 +2780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2744,10 +2811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2774,10 +2842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2804,10 +2873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2834,10 +2904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2866,10 +2937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2896,10 +2968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2926,10 +2999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2956,10 +3030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2988,10 +3063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,10 +3097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3051,10 +3128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3085,10 +3163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3117,10 +3196,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3150,10 +3230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3180,10 +3261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3210,10 +3292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3240,10 +3323,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3270,10 +3354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3300,10 +3385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3330,10 +3416,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3362,10 +3449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3392,10 +3480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3422,10 +3511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3452,10 +3542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3482,10 +3573,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3512,10 +3604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3542,10 +3635,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3575,10 +3669,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3605,10 +3700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3635,10 +3731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3665,10 +3762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3695,10 +3793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3732,10 +3831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3762,10 +3862,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3792,10 +3893,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3822,10 +3924,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3855,10 +3958,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3885,10 +3989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3915,10 +4020,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3945,10 +4051,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3975,10 +4082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4005,10 +4113,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4038,10 +4147,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4068,10 +4178,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4098,10 +4209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4128,10 +4240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4158,10 +4271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4188,10 +4302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4218,10 +4333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4248,10 +4364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4278,10 +4395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4308,10 +4426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4338,10 +4457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4368,10 +4488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4398,10 +4519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4428,10 +4550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4458,10 +4581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4488,10 +4612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4518,10 +4643,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4548,10 +4674,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4578,10 +4705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4608,10 +4736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 5c201af2931d4f70d9381961892442dfcb38bf89 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 20:51:53 +0000 Subject: [PATCH 31/55] Update the software list --- SOFTWARE-LIST.md | 258 +++++++++---------- data/cisagov.yml | 645 ++++++++++++++++++++++++++++------------------- 2 files changed, 516 insertions(+), 387 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5b77580..9673268 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1252,135 +1252,135 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | -| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Training and Prediction | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Config Management | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Connect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Hub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Identity Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos on VMWare | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Premium Software | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Service Mesh | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Apigee | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | App Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AppSheet | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Artifact Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Assured Workloads | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Natural Language | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Tables | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Video | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Data Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Omni | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Binary Authorization | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Certificate Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Chronicle | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Asset Inventory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Bigtable | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Build | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud CDN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Composer | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Google Cloud | Cloud Console App | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Data Loss Prevention | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Debugger | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Deployment Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud DNS | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Endpoints | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud External Key Manager (EKM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Functions | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Hardware Security Module (HSM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Interconnect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Key Management Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Load Balancing | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Logging | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Natural Language API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Network Address Translation (NAT) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Profiler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Router | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Run | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Run for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Scheduler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud SDK | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Shell | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Source Repositories | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Spanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud SQL | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Storage | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Tasks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Trace | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Traffic Director | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision OCR On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud VPN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | CompilerWorks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Compute Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Contact Center AI (CCAI) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Contact Center AI Insights | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Container Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Data Catalog | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Data Fusion | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Database Migration Service (DMS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dataflow | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | Dataproc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Dataproc Metastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Datastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Datastream | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dialogflow Essentials (ES) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Document AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Event Threat Detection | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Eventarc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Filestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firebase | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Game Servers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Google Cloud Armor | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud VMware Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | -| Google Cloud | Google Kubernetes Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Healthcare Data Engine (HDE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Human-in-the-Loop AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | IoT Core | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Key Access Justifications (KAJ) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Looker | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| Google Cloud | Media Translation API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Memorystore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Migrate for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Migrate for Compute Engine (M4CE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Network Connectivity Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Intelligence Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Service Tiers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Persistent Disk | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Pub/Sub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | Pub/Sub Lite | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | reCAPTCHA Enterprise | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Recommendations AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Retail Search | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Risk Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Secret Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Security Command Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Directory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Infrastructure | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speaker ID | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Storage Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Talent Solution | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Text-to-Speech | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transcoder API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transfer Appliance | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Video Intelligence API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Data Labeling | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Training and Prediction | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Config Management | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Connect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Hub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Identity Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos on VMWare | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Premium Software | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Service Mesh | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Apigee | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | App Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AppSheet | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Artifact Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Assured Workloads | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Natural Language | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Tables | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Video | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Data Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Omni | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Binary Authorization | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Certificate Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Chronicle | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Asset Inventory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Bigtable | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Build | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud CDN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Composer | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Google Cloud | Cloud Console App | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Data Loss Prevention | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Debugger | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Deployment Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud DNS | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Endpoints | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud External Key Manager (EKM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Functions | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Hardware Security Module (HSM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Interconnect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Key Management Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Load Balancing | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Logging | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Natural Language API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Network Address Translation (NAT) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Profiler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Router | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Run | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Run for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Scheduler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud SDK | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Shell | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Source Repositories | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Spanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud SQL | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Storage | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Tasks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Trace | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Traffic Director | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision OCR On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud VPN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | CompilerWorks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Compute Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Contact Center AI (CCAI) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Contact Center AI Insights | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Container Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Data Catalog | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Data Fusion | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Database Migration Service (DMS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dataflow | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | Dataproc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Dataproc Metastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Datastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Datastream | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dialogflow Essentials (ES) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Document AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Event Threat Detection | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Eventarc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Filestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firebase | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Game Servers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Google Cloud Armor | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud VMware Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | +| Google Cloud | Google Kubernetes Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Healthcare Data Engine (HDE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Human-in-the-Loop AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | IoT Core | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Key Access Justifications (KAJ) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| Google Cloud | Media Translation API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Memorystore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Migrate for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Migrate for Compute Engine (M4CE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Network Connectivity Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Intelligence Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Service Tiers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Persistent Disk | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Pub/Sub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | Pub/Sub Lite | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | reCAPTCHA Enterprise | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Recommendations AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Retail Search | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Risk Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Secret Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Security Command Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Directory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Infrastructure | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speaker ID | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Storage Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Talent Solution | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Text-to-Speech | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transcoder API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transfer Appliance | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Video Intelligence API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index d4ac0f4..ed6ef37 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -36431,10 +36431,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36461,10 +36462,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36493,10 +36495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36523,10 +36526,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36553,10 +36557,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36583,10 +36588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36616,10 +36622,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36646,10 +36653,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36676,10 +36684,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36706,10 +36715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36736,10 +36746,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36770,10 +36781,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36800,10 +36812,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36830,10 +36843,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36865,10 +36879,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36898,10 +36913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36931,10 +36947,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36961,10 +36978,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36991,10 +37009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37021,10 +37040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37051,10 +37071,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37081,10 +37102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37111,10 +37133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37141,10 +37164,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37171,10 +37195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37201,10 +37226,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37231,10 +37257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37262,10 +37289,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37292,10 +37320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37322,10 +37351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37352,10 +37382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37382,10 +37413,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37412,10 +37444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37445,10 +37478,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37475,10 +37509,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37510,10 +37545,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37540,10 +37576,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37570,10 +37607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37600,10 +37638,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37630,10 +37669,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37660,10 +37700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37690,10 +37731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37720,10 +37762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37753,10 +37796,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37783,10 +37827,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37813,10 +37858,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37843,10 +37889,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37873,10 +37920,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37903,10 +37951,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37933,10 +37982,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37963,10 +38013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37993,10 +38044,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38023,10 +38075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38053,10 +38106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38086,10 +38140,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38119,10 +38174,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38149,10 +38205,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38179,10 +38236,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38212,10 +38270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38242,10 +38301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38272,10 +38332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38302,10 +38363,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38332,10 +38394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38362,10 +38425,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38392,10 +38456,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38422,10 +38487,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38452,10 +38518,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38482,10 +38549,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38512,10 +38580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38542,10 +38611,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38572,10 +38642,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38604,10 +38675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38634,10 +38706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38664,10 +38737,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38694,10 +38768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38726,10 +38801,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38759,10 +38835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38789,10 +38866,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38823,10 +38901,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38855,10 +38934,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38888,10 +38968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38918,10 +38999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38948,10 +39030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38978,10 +39061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39008,10 +39092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39038,10 +39123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39068,10 +39154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39100,10 +39187,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39130,10 +39218,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39160,10 +39249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39190,10 +39280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39220,10 +39311,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39250,10 +39342,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39280,10 +39373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39313,10 +39407,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39343,10 +39438,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39373,10 +39469,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39403,10 +39500,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39433,10 +39531,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39470,10 +39569,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39500,10 +39600,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39530,10 +39631,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39560,10 +39662,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39593,10 +39696,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39623,10 +39727,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39653,10 +39758,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39683,10 +39789,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39713,10 +39820,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39743,10 +39851,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39776,10 +39885,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39806,10 +39916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39836,10 +39947,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39866,10 +39978,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39896,10 +40009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39926,10 +40040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39956,10 +40071,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39986,10 +40102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40016,10 +40133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40046,10 +40164,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40076,10 +40195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40106,10 +40226,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40136,10 +40257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40166,10 +40288,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40196,10 +40319,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40226,10 +40350,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40256,10 +40381,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40286,10 +40412,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40316,10 +40443,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40346,10 +40474,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From cbd05057c653178af9cad5d041f192fe2d9f73c2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 15:57:13 -0500 Subject: [PATCH 32/55] Add GE Gas Products, Gradle, etc. --- data/cisagov_G.yml | 199 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 164 insertions(+), 35 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index af20044..16d476a 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -73,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -88,8 +89,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -102,8 +104,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -117,9 +120,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -132,10 +134,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -147,14 +182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Control Server + product: MyFleet cves: cve-2021-4104: investigated: false @@ -162,10 +196,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -177,14 +242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Tag Mapping Service + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -192,10 +256,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -207,11 +302,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: @@ -4759,7 +4886,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4767,10 +4894,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4797,9 +4925,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2021.3.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 2021.3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4827,9 +4955,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 10.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 10.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4857,9 +4985,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 1.6.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4878,7 +5006,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4886,10 +5014,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 0a5a312adeb4bad42c714d96b4b00482fbc0abf8 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:03:19 +0000 Subject: [PATCH 33/55] Update the software list --- SOFTWARE-LIST.md | 28 ++++--- data/cisagov.yml | 197 +++++++++++++++++++++++++++++++++++++-------- data/cisagov_G.yml | 30 ++++--- 3 files changed, 198 insertions(+), 57 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 9673268..722631d 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1229,13 +1229,17 @@ NOTE: This file is automatically generated. To submit updates, please refer to | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GE Digital | | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Digital Grid | | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Asset Performance Management (APM) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | GE verifying workaround. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Control Server | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Tag Mapping Service | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Control Server | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | MyFleet | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Intelligence | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Planning | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1381,11 +1385,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | All | | | Not Affected | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise | | < 2021.3.6 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index ed6ef37..64d9eb8 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -35743,7 +35743,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35773,7 +35773,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35811,9 +35811,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35826,8 +35827,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -35840,8 +35843,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35855,9 +35859,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -35870,10 +35874,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35885,14 +35923,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Control Server + product: MyFleet cves: cve-2021-4104: investigated: false @@ -35900,10 +35938,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35915,14 +35984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Tag Mapping Service + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -35930,10 +35998,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35945,11 +36044,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: @@ -40497,7 +40628,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -40505,10 +40636,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40535,9 +40667,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 2021.3.6 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40565,9 +40697,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 10.1 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40595,9 +40727,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 1.6.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40616,7 +40748,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -40624,10 +40756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 16d476a..2921f6c 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -90,8 +90,9 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -121,7 +122,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -151,9 +153,10 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. references: - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' last_updated: '2021-12-22T00:00:00' @@ -183,7 +186,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -333,9 +337,9 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' last_updated: '2021-12-22T00:00:00' @@ -4927,7 +4931,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2021.3.6' + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4957,7 +4961,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.1' + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4987,7 +4991,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.6.2' + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false From 584a6904f7446aadaa3e4899b9298d48a3aa78e9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:11:36 -0500 Subject: [PATCH 34/55] Add GitHub, Gitlab, GoAnywhere products --- data/cisagov_G.yml | 502 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 461 insertions(+), 41 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 2921f6c..8c42f23 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -90,9 +90,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed - in development environment and the team is currently deploying the fixes in - the production environment. + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -122,8 +121,7 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaround provided by FoxGuard in - Technical Information Notice – M1221-S01. + notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -153,12 +151,11 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that - is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded - from link in reference section. This update is available to customer only and - has not been reviewed by CISA. + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. references: - - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Control Server @@ -186,8 +183,7 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted - through vCenter. + notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -337,14 +333,14 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. The - update and instructions can be downloaded from link in reference section. This - update is available to customer only and has not been reviewed by CISA. + notes: GE Gas Power has tested and validated the update provided by Vmware. + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. references: - - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -374,7 +370,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -403,7 +399,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -432,7 +428,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -460,8 +456,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -489,8 +545,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -518,8 +574,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -547,6 +633,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -557,9 +673,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <5.13.01.02 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '<5.13.01.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -608,8 +724,71 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.0.22' + - '3.1.14' + - '3.2.6' + - '3.3.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: GitLab - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -617,10 +796,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -632,13 +842,133 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -667,7 +997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: Gateway + product: Agents cves: cve-2021-4104: investigated: false @@ -676,10 +1006,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Version 2.7.0 or later' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -706,9 +1066,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 5.3.0 or later' unaffected_versions: [] cve-2021-45046: investigated: false @@ -737,9 +1097,69 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 1.6.5 + - '1.4.2 or later' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4931,7 +5351,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 2021.3.6 + - '< 2021.3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4961,7 +5381,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 10.1 + - '< 10.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4991,7 +5411,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.6.2 + - '< 1.6.2' unaffected_versions: [] cve-2021-45046: investigated: false From c081c60b4cd777802ecdb7120c67e9bfba293116 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:16:08 -0500 Subject: [PATCH 35/55] Update GE Gas --- data/cisagov_G.yml | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 8c42f23..cb02622 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -90,8 +90,9 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -121,7 +122,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -151,11 +153,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Control Server @@ -183,7 +186,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -333,14 +337,14 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare - product: All + product: '' cves: cve-2021-4104: investigated: false From 0fa9e57f9131c1a74c2520664b99860f3b92f8b8 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:19:21 -0500 Subject: [PATCH 36/55] Add Graylog --- data/cisagov_G.yml | 96 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 67 insertions(+), 29 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index cb02622..79ff7b5 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1181,7 +1181,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1221,7 +1221,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -5464,7 +5465,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5505,7 +5506,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5535,7 +5536,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5565,7 +5566,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '1.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5595,7 +5596,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5625,7 +5626,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5655,7 +5656,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5685,7 +5686,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5702,8 +5703,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5711,10 +5712,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5726,13 +5728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5740,9 +5742,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3.15' + - '4.0.14' + - '4.1.9' + - '4.2.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5755,8 +5761,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5770,9 +5777,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'All versions >= 1.2.0 and <= 4.2.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5791,7 +5798,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5799,10 +5806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5848,8 +5856,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false From 43574fc6014f47edcf0b5411fc79b0c85cccd483 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:24:16 +0000 Subject: [PATCH 37/55] Update the software list --- SOFTWARE-LIST.md | 53 +++-- data/cisagov.yml | 544 +++++++++++++++++++++++++++++++++++++++++---- data/cisagov_G.yml | 56 ++--- 3 files changed, 565 insertions(+), 88 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 722631d..4a4947c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1241,20 +1241,34 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GeoServer | | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gerrit code review | | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GFI | | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ghidra | | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gigamon | Fabric Manager | <5.13.01.02 | | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gearset | All | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Genesys | All | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoServer | All | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoSolutions | GeoNetwork | | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| GeoSolutions | GeoServer | | | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Gerrit Code Review | All | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | All | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | Kerio Connect | | | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghidra | All | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghisler | Total Commander | | | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gigamon | Fabric Manager | | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | GitHub | GitHub | | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| GitLab | | | | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Globus | | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GoAnywhere | Gateway | < 2.8.4 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitHub | GitHub Enterprise Server | | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| GitLab | All | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | DAST Analyzer | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Dependency Scanning | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Gemnasium-Maven | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | PMD OSS | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | SAST | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Spotbugs | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Globus | All | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GoAnywhere | Agents | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Gateway | | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT | | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT Agents | 1.4.2 or later | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Open PGP Studio | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Suveyor/400 | | | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoCD | All | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -1390,7 +1404,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grandstream | All | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1398,12 +1412,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravwell | All | | | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | All | | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | Graylog Server | | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GreenShot | All | | | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GSA | Cloud.gov | | | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Guidewire | | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GuardedBox | All | | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Guidewire | All | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HAProxy | | | | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HarmanPro AMX | | | | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HashiCorp | Boundary | | | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 64d9eb8..07c89c9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -36112,7 +36112,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36141,7 +36141,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36170,7 +36170,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36198,8 +36198,67 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -36227,8 +36286,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -36256,8 +36315,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36285,6 +36374,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -36295,9 +36414,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - <5.13.01.02 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -36346,8 +36465,41 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: GitLab - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36355,10 +36507,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36370,13 +36553,163 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36405,7 +36738,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: Gateway + product: Agents cves: cve-2021-4104: investigated: false @@ -36414,10 +36747,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 2.7.0 or later + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -36444,9 +36807,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -36475,9 +36838,69 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 1.6.5 + - 1.4.2 or later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36495,7 +36918,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36535,7 +36958,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -40778,7 +41202,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -41016,8 +41440,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -41025,10 +41449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41040,13 +41465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -41054,9 +41479,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -41069,8 +41498,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -41084,9 +41515,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -41105,7 +41536,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -41113,10 +41544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41162,8 +41594,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.1.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 79ff7b5..65b7c07 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -471,8 +471,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - 'All' + fixed_versions: All unaffected_versions: [] cve-2021-45046: investigated: false @@ -503,7 +502,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -679,7 +678,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<5.13.01.02' + - <5.13.01.02 unaffected_versions: [] cve-2021-45046: investigated: false @@ -740,10 +739,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.0.22' - - '3.1.14' - - '3.2.6' - - '3.3.1' + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1042,7 +1041,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 2.7.0 or later' + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -1072,7 +1071,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 5.3.0 or later' + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -1101,7 +1100,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1.4.2 or later' + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5356,7 +5355,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2021.3.6' + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5386,7 +5385,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.1' + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5416,7 +5415,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.6.2' + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5506,7 +5505,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5536,7 +5535,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5566,7 +5565,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.5.x' + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5596,7 +5595,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5626,7 +5625,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5656,7 +5655,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5686,7 +5685,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5745,10 +5744,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.3.15' - - '4.0.14' - - '4.1.9' - - '4.2.3' + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5763,7 +5762,8 @@ software: vendor_links: - https://www.graylog.org/post/graylog-update-for-log4j notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5779,7 +5779,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions >= 1.2.0 and <= 4.2.2' + - All versions >= 1.2.0 and <= 4.2.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5868,7 +5868,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.1.2' + - 3.1.2 unaffected_versions: [] cve-2021-45046: investigated: false From bc19dddbe746c7dfeca0a6bdbfd39666a89a5b8e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:29:40 +0000 Subject: [PATCH 38/55] Update the software list --- SOFTWARE-LIST.md | 26 +++- data/cisagov.yml | 358 ++++++++++++++++++++++++++++++++++++++++++--- data/cisagov_C.yml | 42 +++--- data/cisagov_F.yml | 36 ++--- 4 files changed, 391 insertions(+), 71 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4a4947c..28cf89c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -415,14 +415,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -1227,6 +1229,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 07c89c9..d09289d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -11696,7 +11696,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -11704,10 +11704,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11720,10 +11721,10 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -11733,10 +11734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11752,9 +11754,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -11762,10 +11764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11781,7 +11784,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -11791,10 +11794,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11810,7 +11814,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -11820,10 +11824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11839,7 +11844,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -11849,10 +11854,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11868,7 +11874,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -11878,10 +11884,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11897,9 +11934,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11907,10 +11944,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11926,7 +11994,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: @@ -35683,6 +35751,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index d53c7de..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: VL Alphenix Angio Workstation (AWS) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -130,10 +130,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'All' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -146,7 +146,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' last_updated: '2022-02-02T00:00:00' @@ -163,7 +163,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -181,7 +181,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: VL Infinix-i Angio Workstation (AWS) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -193,7 +193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -223,7 +223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -253,7 +253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -283,7 +283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -311,7 +311,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -331,7 +331,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -340,10 +340,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - 'All' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -361,7 +361,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Eye-Care Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -373,7 +373,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -391,7 +391,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Canon DR Products CXDI_NE) + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -403,7 +403,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -416,7 +416,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: Such as Omnera, FlexPro, Soltus + notes: '' references: - '' last_updated: '2022-02-02T00:00:00' diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index c615dad..adcaaab 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2034,7 +2034,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fuji Electric - product: MONITOUCH X1 series + product: MONITOUCH TS1000 series cves: cve-2021-4104: investigated: '' @@ -2046,7 +2046,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2064,7 +2064,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH V9 series + product: MONITOUCH TS1000S series cves: cve-2021-4104: investigated: '' @@ -2076,7 +2076,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2094,7 +2094,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000S series + product: MONITOUCH TS2000 series cves: cve-2021-4104: investigated: '' @@ -2106,7 +2106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS2000 series + product: MONITOUCH V8 series cves: cve-2021-4104: investigated: '' @@ -2136,7 +2136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2154,7 +2154,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH V8 series + product: MONITOUCH V9 series cves: cve-2021-4104: investigated: '' @@ -2166,7 +2166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2184,7 +2184,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000 series + product: MONITOUCH X1 series cves: cve-2021-4104: investigated: '' @@ -2196,7 +2196,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2214,7 +2214,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: V-SFT + product: TELLUS and V-Server cves: cve-2021-4104: investigated: '' @@ -2226,8 +2226,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 5' - - 'Version 6' + - Version 3 + - Version 4 cve-2021-45046: investigated: '' affected_versions: [] @@ -2245,7 +2245,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: TELLUS and V-Server + product: V-SFT cves: cve-2021-4104: investigated: '' @@ -2257,8 +2257,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 3' - - 'Version 4' + - Version 5 + - Version 6 cve-2021-45046: investigated: '' affected_versions: [] From 793cfeedd90f6b91111df980341fd5e6040b6273 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:01:50 -0700 Subject: [PATCH 39/55] Update cisagov_E.yml Updated Ewon vendor. --- data/cisagov_E.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 1578987..501063c 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4524,7 +4524,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4532,10 +4532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -4551,7 +4552,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam product: '' cves: From 222274ced398e92f8421e0f2a6e644165d67f979 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:27:59 -0500 Subject: [PATCH 40/55] Add Kaltura products --- data/cisagov_K.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 7149f4a..4b5130c 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,6 +62,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v3900.28.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v3900.26.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun product: '' cves: From 3cf60bf127ab75cdcc1ee6fec9374d3b80cdbaba Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:35:55 -0500 Subject: [PATCH 41/55] Add Kaseya products --- data/cisagov_K.yml | 367 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 364 insertions(+), 3 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 4b5130c..4d5522a 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -123,7 +123,7 @@ software: - '' last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -152,7 +152,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -160,10 +160,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,7 +210,337 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Kaseya VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Keeper Security product: '' cves: From dc7229903d5e14905b606aff7a7309891e676d4f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:38:52 -0500 Subject: [PATCH 42/55] Fix product error Kaseya --- data/cisagov_K.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 4d5522a..215985d 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -512,7 +512,7 @@ software: - '' last_updated: '2021-12-15T07:18:50+00:00' - vendor: Kaseya - product: Kaseya VSA SaaS and VSA On-Premises + product: VSA SaaS and VSA On-Premises cves: cve-2021-4104: investigated: false From 3af4b6a0d9cefc3b1d4235c5c08b8c1989685c7f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:44:17 -0500 Subject: [PATCH 43/55] Add KeePass, Update Keeper, Kemp --- data/cisagov_K.yml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 215985d..a46712e 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -541,8 +541,8 @@ software: references: - '' last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Keeper Security - product: '' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -550,10 +550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -565,13 +566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Keeper + product: All cves: cve-2021-4104: investigated: false @@ -579,9 +580,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -594,13 +596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -623,10 +625,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' references: - - '' + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' From bbac69cb1e0b466246033994978a421e767f5917 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:54:30 -0500 Subject: [PATCH 44/55] Add Keycloak, Kofax products --- data/cisagov_K.yml | 132 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 127 insertions(+), 5 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index a46712e..10d1aec 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -630,8 +630,38 @@ software: references: - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Capture cves: cve-2021-4104: investigated: false @@ -639,10 +669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.3 - 5.5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -654,13 +715,74 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -689,7 +811,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -718,7 +840,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false From d25a999e3400f16e3cde4a06a64c5a7b5c018db5 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:59:27 +0000 Subject: [PATCH 45/55] Update the software list --- SOFTWARE-LIST.md | 40 ++- data/cisagov.yml | 599 +++++++++++++++++++++++++++++++++++++++++++-- data/cisagov_K.yml | 12 +- 3 files changed, 607 insertions(+), 44 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 28cf89c..f62ff18 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2004,17 +2004,35 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index d09289d..c586742 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -58852,7 +58852,334 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K15t - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K6 + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Karakun + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://board.karakun.com/viewtopic.php?f=21&t=8351 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaseya + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly cves: cve-2021-4104: investigated: false @@ -58860,10 +59187,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58875,13 +59203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K6 - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber cves: cve-2021-4104: investigated: false @@ -58889,10 +59217,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58904,13 +59263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Karakun - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup cves: cve-2021-4104: investigated: false @@ -58918,10 +59277,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58933,13 +59323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://board.karakun.com/viewtopic.php?f=21&t=8351 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Kaseya - product: '' + product: Vorex cves: cve-2021-4104: investigated: false @@ -58947,10 +59337,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58966,9 +59387,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -58976,10 +59397,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58996,8 +59448,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -59022,11 +59474,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -59034,10 +59516,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59049,13 +59562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -59063,10 +59576,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59078,13 +59623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -59113,7 +59658,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -59142,7 +59687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 10d1aec..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -74,7 +74,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v3900.28.x' + - v3900.28.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -104,7 +104,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v3900.26.x' + - v3900.26.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -554,7 +554,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -643,7 +643,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -673,7 +673,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -702,7 +702,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.3 - 5.5' + - 5.3 - 5.5 unaffected_versions: [] cve-2021-45046: investigated: false From f8c0448f3be39214575817e5d16be858a49a0294 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:05:00 +0000 Subject: [PATCH 46/55] Update the software list --- SOFTWARE-LIST.md | 2 +- data/cisagov.yml | 9 +++++---- data/cisagov_E.yml | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index f62ff18..4e13419 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1152,7 +1152,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ESRI | Portal for ArcGIS | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Estos | | | | Unknown | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Evolveum Midpoint | | | | Unknown | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ewon | | | | Unknown | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ewon | All | | | Not Affected | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index c586742..b0e0a6d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -33487,7 +33487,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -33495,10 +33495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33514,7 +33515,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam product: '' cves: diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 501063c..687ac2d 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4536,7 +4536,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] From 4efa317cb99ffea80b68380f1ef72c2b9fd0d310 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:35:31 -0500 Subject: [PATCH 47/55] Add Qlik products --- data/cisagov_Q.yml | 934 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 931 insertions(+), 3 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 7062f16..6b70c17 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -4,8 +4,38 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +64,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Qlik - product: '' + product: AIS, including ARC cves: cve-2021-4104: investigated: false @@ -42,10 +72,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -61,7 +122,874 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '6.6.1' + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.10.0' + - '4.10.1' + - '4.10.2' + - '4.11.0' + - '4.11.1' + - '4.12.0' + - '4.12.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - '6.6.1' + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.26.5' + - '5.27.5 - 5.28.2' + - '5.29.4 - 5.30.1' + - '5.31.1' + - '5.31.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.19.1 - 4.27.3' + - '4.23.4' + - '4.32.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'May 2021 release and after' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: From 951c85f25b868c30822602bfdd73d6aaf0e4ddd4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:44:06 -0500 Subject: [PATCH 48/55] Add QNAP products --- data/cisagov_Q.yml | 109 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 100 insertions(+), 9 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 6b70c17..bfe3c24 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -1000,9 +1000,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.4+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.4+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1030,9 +1030,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1060,9 +1060,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1111,7 +1111,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -1119,10 +1179,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1140,7 +1231,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false From 6da80d105a969d55b9607093eebb7e549836d893 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:58:54 -0500 Subject: [PATCH 49/55] Add Quest products --- data/cisagov_Q.yml | 98 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 4 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index bfe3c24..b915cea 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -1259,8 +1259,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1289,7 +1318,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1317,8 +1346,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -1326,10 +1355,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 4cd0024017779a629303133aad3bb1974c70a865 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 16:05:36 +0000 Subject: [PATCH 50/55] Update the software list --- SOFTWARE-LIST.md | 56 ++- data/cisagov.yml | 1145 +++++++++++++++++++++++++++++++++++++++++++- data/cisagov_Q.yml | 62 +-- 3 files changed, 1204 insertions(+), 59 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4e13419..85ae05c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2446,17 +2446,53 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Appointment Booking | Cloud/Managed Service | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Insights | Cloud | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Attunity Visibility | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | AutoML | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Blendr | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DL | | 6.6 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DW | | 6.6, 6.6.1, 7.0 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Catalog | | 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.12.1 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose | | 2021.2, 2021.5, 2021.8 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Lakes | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Wharehouses | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Plus | | 5.26.5, 5.27.5 - 5.28.2, 5.29.4 - 5.30.1, 5.31.1, 5.31.2 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Server | | 4.19.1 - 4.27.3, 4.23.4, 4.32.3 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nodegraph | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nprinting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | ODBC Connector Package | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | QEM | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Alerting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Catalog | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Data Transfer | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Enterprise Manager | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Forts | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik RepliWeb and ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Business | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise SaaS | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik View | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Web Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Replicate | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | REST Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Salesforce and SAP Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | Connectos are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| QMATIC | Appointment Booking | | 2.4+ | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Appointment Booking | | Cloud/Managed Service | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Insights | | Cloud | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | QMATIC | Orchestra Central | | | Not Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QNAP | | | | Unknown | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QOPPA | | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QES Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | Qsirch | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QTS Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QuTS Hero Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOPPA | All | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOS.ch | SLF4J Simple Logging Facade for Java | | | Unknown | [link](https://www.slf4j.org/log4shell.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QSC Q-SYS | All | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QT | All | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | 6.0 | Fixed | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Quest KACE SMA | | | Not Affected | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index b0e0a6d..70b0033 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -71853,8 +71853,871 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors cves: cve-2021-4104: investigated: false @@ -71862,10 +72725,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71877,13 +72774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Qlik - product: '' + product: REST Connectors cves: cve-2021-4104: investigated: false @@ -71891,10 +72788,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71907,10 +72835,10 @@ software: unaffected_versions: [] vendor_links: - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + notes: Connectos are not affected. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: @@ -71921,9 +72849,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.4+ - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71951,9 +72879,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71981,9 +72909,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -72032,7 +72960,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -72040,10 +73028,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -72061,7 +73080,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -72089,8 +73108,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -72119,7 +73167,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -72147,8 +73195,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -72156,10 +73234,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index b915cea..5f2d36c 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -76,7 +76,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -106,7 +106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -136,7 +136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -166,7 +166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -226,7 +226,7 @@ software: affected_versions: [] fixed_versions: - '6.6' - - '6.6.1' + - 6.6.1 - '7.0' unaffected_versions: [] cve-2021-45046: @@ -257,13 +257,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.10.0' - - '4.10.1' - - '4.10.2' - - '4.11.0' - - '4.11.1' - - '4.12.0' - - '4.12.1' + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -357,7 +357,7 @@ software: fixed_versions: [] unaffected_versions: - '6.6' - - '6.6.1' + - 6.6.1 - '7.0' cve-2021-45046: investigated: false @@ -387,11 +387,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.26.5' - - '5.27.5 - 5.28.2' - - '5.29.4 - 5.30.1' - - '5.31.1' - - '5.31.2' + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -421,9 +421,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.19.1 - 4.27.3' - - '4.23.4' - - '4.32.3' + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -484,7 +484,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -577,7 +577,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -607,7 +607,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'May 2021 release and after' + - May 2021 release and after cve-2021-45046: investigated: false affected_versions: [] @@ -730,7 +730,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -790,7 +790,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -850,7 +850,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -880,7 +880,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -943,7 +943,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -973,7 +973,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1002,7 +1002,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.4+' + - 2.4+ unaffected_versions: [] cve-2021-45046: investigated: false From 2a970b297bdf29c1070228f1b6a2b92cd5b42280 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 11:14:09 -0500 Subject: [PATCH 51/55] Add Wallix --- data/cisagov_W.yml | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b2629d1..ca579ee 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -14,9 +14,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.2.x < 4.8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '4.2.x < 4.8.1.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -63,8 +63,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false From 75fa37d51505ce0f29316eb1f6f88b75ba8347e2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 11:23:00 -0500 Subject: [PATCH 52/55] Add WatchGuard products --- data/cisagov_W.yml | 215 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 213 insertions(+), 2 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index ca579ee..efbf4b3 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -121,8 +121,128 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Cloud' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard - product: Secplicity + product: Firebox cves: cve-2021-4104: investigated: false @@ -130,10 +250,101 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -145,7 +356,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' From 54a0b7d46baa6ae7783509ed7ec4616683f8e9ad Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 11:47:22 -0500 Subject: [PATCH 53/55] Update Wildfly, Wireshark, WitFoo, Wowza --- data/cisagov_W.yml | 83 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 62 insertions(+), 21 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index efbf4b3..b6b9e8b 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -400,9 +400,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.2 and prior - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.2 and prior' unaffected_versions: [] cve-2021-45046: investigated: false @@ -430,9 +430,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 1.30 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -450,6 +450,42 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '< 22' + - '> 26.0.0.Final' + - '>= 22' + - '<= 26.0.0.Beta1' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: Wind River product: LTS17 cves: @@ -724,7 +760,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: WireShark - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -732,10 +768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -747,13 +784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Wistia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -782,7 +819,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo - product: '' + product: Precinct cves: cve-2021-4104: investigated: false @@ -792,7 +829,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -806,12 +844,12 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: '' + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -819,10 +857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -840,7 +879,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -869,7 +908,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza - product: '' + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -877,9 +916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '4.7.8' + - '4.8.x' unaffected_versions: [] cve-2021-45046: investigated: false From 3919bebc36a6d038385f02855f98b21dafa7fa60 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 12:03:15 -0500 Subject: [PATCH 54/55] Add WSO2 products --- data/cisagov_W.yml | 490 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 485 insertions(+), 5 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b6b9e8b..b53f64c 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -939,7 +939,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 - product: WSO2 Enterprise Integrator + product: API Manager cves: cve-2021-4104: investigated: false @@ -948,10 +948,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -964,8 +994,458 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' ... From 391e4b4ec5fb54ae61a56c4d5de275f5b702d119 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 17:10:07 +0000 Subject: [PATCH 55/55] Update the software list --- SOFTWARE-LIST.md | 50 ++- data/cisagov.yml | 849 ++++++++++++++++++++++++++++++++++++++++++--- data/cisagov_W.yml | 22 +- 3 files changed, 855 insertions(+), 66 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 85ae05c..93ed32f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3104,13 +3104,21 @@ NOTE: This file is automatically generated. To submit updates, please refer to | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wasp Barcode technologies | | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WatchGuard | Secplicity | | | Unknown | [link](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WAGO | WAGO Smart Script | | 4.2.x < 4.8.1.3 | Fixed | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Wallarm | All | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wasp Barcode technologies | All | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Watcher | All | | | Not Affected | [link](https://twitter.com/felix_hrn/status/1470387338001977344) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | AuthPoint | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Dimension | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | EDPR and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Firebox | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | System Manager, Dimension, and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Threat Detection and Response | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Wi-Fi Cloud | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Cloud Lite | | 2.2 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Keyring for TIA Portal | | 1.30 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WildFly | All | | | Not Affected | [link](https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | @@ -3119,13 +3127,29 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | -| WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WordPress | | | | Unknown | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Worksphere | | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wowza | | | | Unknown | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WSO2 | WSO2 Enterprise Integrator | 6.1.0 and above | | Affected | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WireShark | All | | | Not Affected | [link](https://www.wireshark.org/news/20211215.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Wistia | All | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WitFoo | Precinct | | 6.x | Fixed | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WordPress | All | | | Not Affected | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Worksphere | All | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wowza | Streaming Engine | | 4.7.8, 4.8.x | Fixed | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WSO2 | API Manager | | >= 3.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | API Manager Analytics | | >= 2.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator | | >= 6.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator Analytics | | >= 6.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server Analytics | | >= 5.7.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server as Key Manager | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Gateway | | >= 3.2.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator | | >= 1.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Dashboard | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Monitoring Dashboard | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking AM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking BI | | >= 1.3.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking KM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 70b0033..e2d8bd9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -91557,9 +91557,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.2.x < 4.8.1.3 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -91578,7 +91578,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -91606,8 +91606,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -91635,8 +91665,188 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard - product: Secplicity + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -91644,10 +91854,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91659,7 +91900,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' @@ -91703,9 +91944,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.2 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -91733,9 +91974,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 1.30 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -91753,8 +91994,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Wind River - product: LTS17 + - vendor: WildFly + product: All cves: cve-2021-4104: investigated: true @@ -91767,7 +92008,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 cve-2021-45046: investigated: true affected_versions: [] @@ -91781,13 +92025,13 @@ software: unaffected_versions: - All vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ notes: '' references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS18 + product: LTS17 cves: cve-2021-4104: investigated: true @@ -91820,7 +92064,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS19 + product: LTS18 cves: cve-2021-4104: investigated: true @@ -91853,7 +92097,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS21 + product: LTS19 cves: cve-2021-4104: investigated: true @@ -91884,9 +92128,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: WRL-6 + product: LTS21 cves: cve-2021-4104: investigated: true @@ -91914,9 +92158,42 @@ software: - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' @@ -92027,7 +92304,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: WireShark - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92035,10 +92312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -92050,13 +92328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Wistia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92085,7 +92363,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo - product: '' + product: Precinct cves: cve-2021-4104: investigated: false @@ -92095,7 +92373,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -92109,12 +92388,13 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: '' + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92122,10 +92402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -92143,7 +92424,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92172,7 +92453,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza - product: '' + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -92180,9 +92461,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -92201,7 +92484,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 - product: WSO2 Enterprise Integrator + product: API Manager cves: cve-2021-4104: investigated: false @@ -92210,10 +92493,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92226,10 +92539,460 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' - vendor: XCP-ng product: '' cves: diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b53f64c..74a2c36 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -16,7 +16,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.2.x < 4.8.1.3' + - 4.2.x < 4.8.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -89,7 +89,8 @@ software: unaffected_versions: [] vendor_links: - https://www.wallix.com/fr/support/alerts/ - notes: Customer Portal for patch found in advisory. This patch is available to customer only and has not been reviewed by CISA. + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. references: - '' - vendor: Wasp Barcode technologies @@ -163,7 +164,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Cloud' + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -402,7 +403,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.2 and prior' + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -464,10 +465,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '< 22' + - < 22 - '> 26.0.0.Final' - '>= 22' - - '<= 26.0.0.Beta1' + - <= 26.0.0.Beta1 cve-2021-45046: investigated: true affected_versions: [] @@ -830,7 +831,7 @@ software: investigated: false affected_versions: [] fixed_versions: - - '6.x' + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -844,7 +845,8 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -919,8 +921,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.7.8' - - '4.8.x' + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false