r3pek
/
log4j-affected-db
mirror of https://github.com/cisagov/log4j-affected-db
1
0
Fork 0
Code Releases Activity

Merge branch 'develop' into develop

Browse Source
pull/486/head
justmurphy 2 years ago committed by GitHub
parent 69a0b2e987 43574fc601
commit 8c3ce4b744
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 565 additions and 88 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 53
      SOFTWARE-LIST.md
  2. 544
      data/cisagov.yml
  3. 56
      data/cisagov_G.yml

53
SOFTWARE-LIST.md
Unescape View File

@ -1241,20 +1241,34 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GeoServer | | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gerrit code review | | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GFI | | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ghidra | | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gigamon | Fabric Manager | <5.13.01.02 | | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Gearset | All | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Genesys | All | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GeoServer | All | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GeoSolutions | GeoNetwork | | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| GeoSolutions | GeoServer | | | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Gerrit Code Review | All | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GFI Software | All | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GFI Software | Kerio Connect | | | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ghidra | All | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ghisler | Total Commander | | | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gigamon | Fabric Manager | | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| GitHub | GitHub | | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| GitLab | | | | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Globus | | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GoAnywhere | Gateway | < 2.8.4 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitHub | GitHub Enterprise Server | | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| GitLab | All | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitLab | DAST Analyzer | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitLab | Dependency Scanning | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitLab | Gemnasium-Maven | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitLab | PMD OSS | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitLab | SAST | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GitLab | Spotbugs | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Globus | All | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GoAnywhere | Agents | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | Gateway | | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | MFT | | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | MFT Agents | 1.4.2 or later | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | Open PGP Studio | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoAnywhere | Suveyor/400 | | | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
| GoCD | All | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
| Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
@ -1390,7 +1404,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Grandstream | All | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -1398,12 +1412,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Gravwell | All | | | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Graylog | All | | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Graylog | Graylog Server | | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GreenShot | All | | | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GSA | Cloud.gov | | | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Guidewire | | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| GuardedBox | All | | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Guidewire | All | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| HAProxy | | | | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| HarmanPro AMX | | | | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| HashiCorp | Boundary | | | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

544
data/cisagov.yml
Unescape View File

@ -36112,7 +36112,7 @@ software:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Gearset
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36141,7 +36141,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Genesys
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36170,7 +36170,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GeoServer
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36198,8 +36198,67 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gerrit code review
product: ''
- vendor: GeoSolutions
product: GeoNetwork
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: All
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
notes: ''
references:
- ''
last_updated: '2021-12-16T07:18:50+00:00'
- vendor: GeoSolutions
product: GeoServer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
notes: ''
references:
- ''
last_updated: '2021-12-16T07:18:50+00:00'
- vendor: Gerrit Code Review
product: All
cves:
cve-2021-4104:
investigated: false
@ -36227,8 +36286,8 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI
product: ''
- vendor: GFI Software
product: All
cves:
cve-2021-4104:
investigated: false
@ -36256,8 +36315,38 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI Software
product: Kerio Connect
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghidra
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36285,6 +36374,36 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghisler
product: Total Commander
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ghisler.com/whatsnew.htm
notes: Third Party plugins might contain log4j.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gigamon
product: Fabric Manager
cves:
@ -36295,9 +36414,9 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
affected_versions: []
fixed_versions:
- <5.13.01.02
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -36346,8 +36465,41 @@ software:
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: GitHub
product: GitHub Enterprise Server
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 3.0.22
- 3.1.14
- 3.2.6
- 3.3.1
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: GitLab
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36355,10 +36507,41 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: DAST Analyzer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
@ -36370,13 +36553,163 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Dependency Scanning
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Gemnasium-Maven
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: PMD OSS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: SAST
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Spotbugs
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Globus
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36405,7 +36738,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GoAnywhere
product: Gateway
product: Agents
cves:
cve-2021-4104:
investigated: false
@ -36414,10 +36747,40 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- < 2.8.4
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Gateway
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Version 2.7.0 or later
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -36444,9 +36807,9 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- < 6.8.6
fixed_versions: []
affected_versions: []
fixed_versions:
- Version 5.3.0 or later
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -36475,9 +36838,69 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- < 1.6.5
- 1.4.2 or later
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected.
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Open PGP Studio
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Suveyor/400
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
@ -36495,7 +36918,7 @@ software:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoCD
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -36535,7 +36958,8 @@ software:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: true
affected_versions: []
@ -40778,7 +41202,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grandstream
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -41016,8 +41440,8 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee.io
product: ''
- vendor: Gravwell
product: All
cves:
cve-2021-4104:
investigated: false
@ -41025,10 +41449,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
@ -41040,13 +41465,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
- https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products
notes: Gravwell products do not use Java.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravwell
product: ''
- vendor: Graylog
product: All
cves:
cve-2021-4104:
investigated: false
@ -41054,9 +41479,13 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
fixed_versions:
- 3.3.15
- 4.0.14
- 4.1.9
- 4.2.3
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -41069,8 +41498,10 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products
notes: ''
- https://www.graylog.org/post/graylog-update-for-log4j
notes: The vulnerable Log4j library is used to record GrayLogs own log information.
Vulnerability is not triggered when GrayLog stores exploitation vector from
an outer system.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
@ -41084,9 +41515,9 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
affected_versions: []
fixed_versions:
- All versions >= 1.2.0 and <= 4.2.2
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -41105,7 +41536,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GreenShot
product: ''
product: All
cves:
cve-2021-4104:
investigated: false
@ -41113,10 +41544,11 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
@ -41162,8 +41594,38 @@ software:
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: GuardedBox
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 3.1.2
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://twitter.com/GuardedBox/status/1469739834117799939
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Guidewire
product: ''
product: All
cves:
cve-2021-4104:
investigated: false

56
data/cisagov_G.yml
Unescape View File

@ -471,8 +471,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
'All'
fixed_versions: All
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -503,7 +502,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 'All'
- All
cve-2021-45046:
investigated: false
affected_versions: []
@ -679,7 +678,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '<5.13.01.02'
- <5.13.01.02
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -740,10 +739,10 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '3.0.22'
- '3.1.14'
- '3.2.6'
- '3.3.1'
- 3.0.22
- 3.1.14
- 3.2.6
- 3.3.1
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1042,7 +1041,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- 'Version 2.7.0 or later'
- Version 2.7.0 or later
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1072,7 +1071,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- 'Version 5.3.0 or later'
- Version 5.3.0 or later
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -1101,7 +1100,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- '1.4.2 or later'
- 1.4.2 or later
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -5356,7 +5355,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '< 2021.3.6'
- < 2021.3.6
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -5386,7 +5385,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '< 10.1'
- < 10.1
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -5416,7 +5415,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '< 1.6.2'
- < 1.6.2
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -5506,7 +5505,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '3.10.x'
- 3.10.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5536,7 +5535,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '3.5.x'
- 3.5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5566,7 +5565,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '1.5.x'
- 1.5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5596,7 +5595,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '1.4.x'
- 1.4.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5626,7 +5625,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '3.10.x'
- 3.10.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5656,7 +5655,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '3.5.x'
- 3.5.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5686,7 +5685,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- '1.4.x'
- 1.4.x
cve-2021-45046:
investigated: false
affected_versions: []
@ -5745,10 +5744,10 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '3.3.15'
- '4.0.14'
- '4.1.9'
- '4.2.3'
- 3.3.15
- 4.0.14
- 4.1.9
- 4.2.3
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -5763,7 +5762,8 @@ software:
vendor_links:
- https://www.graylog.org/post/graylog-update-for-log4j
notes: The vulnerable Log4j library is used to record GrayLogs own log information.
Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system.
Vulnerability is not triggered when GrayLog stores exploitation vector from
an outer system.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
@ -5779,7 +5779,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- 'All versions >= 1.2.0 and <= 4.2.2'
- All versions >= 1.2.0 and <= 4.2.2
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -5868,7 +5868,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- '3.1.2'
- 3.1.2
unaffected_versions: []
cve-2021-45046:
investigated: false

Write Preview
Loading…
Cancel
Save