Merge branch 'develop' into develop

SOFTWARE-LIST.md

@@ -1241,20 +1241,34 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | GE Gas Power | Tag Mapping Service |  |  | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
 | GE Gas Power | vCenter |  |  | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
 | GE Healthcare |  |  |  | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
-| Gearset |  |  |  | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Gearset | All |  |  | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Genesys |  |  |  | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Genesys | All |  |  | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| GeoServer |  |  |  | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GeoServer | All |  |  | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Gerrit code review |  |  |  | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GeoSolutions | GeoNetwork |  | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
-| GFI |  |  |  | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GeoSolutions | GeoServer |  |  | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
-| Ghidra |  |  |  | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Gerrit Code Review | All |  |  | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Gigamon | Fabric Manager | <5.13.01.02 |  | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
+| GFI Software | All |  |  | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GFI Software | Kerio Connect |  |  | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Ghidra | All |  |  | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Ghisler | Total Commander |  |  | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Gigamon | Fabric Manager |  | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
 | GitHub | GitHub |  | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
-| GitLab |  |  |  | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GitHub | GitHub Enterprise Server |  | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
-| Globus |  |  |  | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GitLab | All |  |  | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| GoAnywhere | Gateway | < 2.8.4 |  | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GitLab | DAST Analyzer |  |  | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| GoAnywhere | MFT | < 6.8.6 |  | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GitLab | Dependency Scanning |  |  | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| GoAnywhere | MFT Agents | < 1.6.5 |  | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GitLab | Gemnasium-Maven |  |  | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| GoCD |  |  |  | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GitLab | PMD OSS |  |  | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GitLab | SAST |  |  | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GitLab | Spotbugs |  |  | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Globus | All |  |  | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GoAnywhere | Agents |  |  | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GoAnywhere | Gateway |  | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GoAnywhere | MFT |  | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GoAnywhere | MFT Agents | 1.4.2 or later |  | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GoAnywhere | Open PGP Studio |  |  | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GoAnywhere | Suveyor/400 |  |  | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
+| GoCD | All |  |  | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Google | Chrome |  |  | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
 | Google Cloud | Access Transparency |  |  | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
 | Google Cloud | Actifio |  |  | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
@@ -1390,7 +1404,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Gradle | Gradle Enterprise Build Cache Node |  | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gradle | Gradle Enterprise Test Distribution Agent |  | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Grafana | All |  |  | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Grandstream |  |  |  | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Grandstream | All |  |  | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gravitee | Access Management |  |  | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gravitee | Access Management |  |  | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gravitee | Alert Engine |  |  | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@@ -1398,12 +1412,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Gravitee | API Management |  |  | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gravitee | API Management |  |  | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gravitee | Cockpit |  |  | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Gravitee.io |  |  |  | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Gravwell | All |  |  | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Gravwell |  |  |  | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Graylog | All |  | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 |  | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Graylog | Graylog Server |  | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| GreenShot |  |  |  | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GreenShot | All |  |  | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | GSA | Cloud.gov |  |  | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
-| Guidewire |  |  |  | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| GuardedBox | All |  | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Guidewire | All |  |  | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | HAProxy |  |  |  | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | HarmanPro AMX |  |  |  | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | HashiCorp | Boundary |  |  | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

data/cisagov.yml

@@ -36112,7 +36112,7 @@ software:
       - ''
     last_updated: '2021-12-22T00:00:00'
   - vendor: Gearset
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36141,7 +36141,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Genesys
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36170,7 +36170,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: GeoServer
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36198,8 +36198,67 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
-  - vendor: Gerrit code review
+  - vendor: GeoSolutions
-    product: ''
+    product: GeoNetwork
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: All
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
+    notes: ''
+    references:
+      - ''
+    last_updated: '2021-12-16T07:18:50+00:00'
+  - vendor: GeoSolutions
+    product: GeoServer
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - All
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
+    notes: ''
+    references:
+      - ''
+    last_updated: '2021-12-16T07:18:50+00:00'
+  - vendor: Gerrit Code Review
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36227,8 +36286,8 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
-  - vendor: GFI
+  - vendor: GFI Software
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36256,8 +36315,38 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GFI Software
+    product: Kerio Connect
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Ghidra
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36285,6 +36374,36 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: Ghisler
+    product: Total Commander
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - ''
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.ghisler.com/whatsnew.htm
+    notes: Third Party plugins might contain log4j.
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Gigamon
     product: Fabric Manager
     cves:
@@ -36295,9 +36414,9 @@ software:
         unaffected_versions: []
       cve-2021-44228:
         investigated: true
-        affected_versions:
+        affected_versions: []
+        fixed_versions:
           - <5.13.01.02
-        fixed_versions: []
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -36346,8 +36465,8 @@ software:
     references:
       - ''
     last_updated: '2021-12-17T00:00:00'
-  - vendor: GitLab
+  - vendor: GitHub
-    product: ''
+    product: GitHub Enterprise Server
     cves:
       cve-2021-4104:
         investigated: false
@@ -36355,9 +36474,13 @@ software:
         fixed_versions: []
         unaffected_versions: []
       cve-2021-44228:
-        investigated: false
+        investigated: true
         affected_versions: []
-        fixed_versions: []
+        fixed_versions:
+          - 3.0.22
+          - 3.1.14
+          - 3.2.6
+          - 3.3.1
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -36370,13 +36493,223 @@ software:
         fixed_versions: []
         unaffected_versions: []
     vendor_links:
-      - https://forum.gitlab.com/t/cve-2021-4428/62763
+      - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
+    notes: ''
+    references:
+      - ''
+    last_updated: '2021-12-17T00:00:00'
+  - vendor: GitLab
+    product: All
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - ''
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GitLab
+    product: DAST Analyzer
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - ''
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GitLab
+    product: Dependency Scanning
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GitLab
+    product: Gemnasium-Maven
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GitLab
+    product: PMD OSS
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GitLab
+    product: SAST
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GitLab
+    product: Spotbugs
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://forum.gitlab.com/t/cve-2021-4428/62763/8
     notes: ''
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Globus
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36404,6 +36737,36 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: GoAnywhere
+    product: Agents
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
+    notes: ''
+    references:
+      - ''
+    last_updated: '2021-12-18T00:00:00'
   - vendor: GoAnywhere
     product: Gateway
     cves:
@@ -36414,9 +36777,9 @@ software:
         unaffected_versions: []
       cve-2021-44228:
         investigated: true
-        affected_versions:
+        affected_versions: []
-          - < 2.8.4
+        fixed_versions:
-        fixed_versions: []
+          - Version 2.7.0 or later
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -36444,9 +36807,9 @@ software:
         unaffected_versions: []
       cve-2021-44228:
         investigated: true
-        affected_versions:
+        affected_versions: []
-          - < 6.8.6
+        fixed_versions:
-        fixed_versions: []
+          - Version 5.3.0 or later
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -36475,7 +36838,7 @@ software:
       cve-2021-44228:
         investigated: true
         affected_versions:
-          - < 1.6.5
+          - 1.4.2 or later
         fixed_versions: []
         unaffected_versions: []
       cve-2021-45046:
@@ -36490,12 +36853,72 @@ software:
         unaffected_versions: []
     vendor_links:
       - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
+    notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected.
+    references:
+      - ''
+    last_updated: '2021-12-18T00:00:00'
+  - vendor: GoAnywhere
+    product: Open PGP Studio
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - ''
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
+    notes: ''
+    references:
+      - ''
+    last_updated: '2021-12-18T00:00:00'
+  - vendor: GoAnywhere
+    product: Suveyor/400
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - ''
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
     notes: ''
     references:
       - ''
     last_updated: '2021-12-18T00:00:00'
   - vendor: GoCD
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -36535,7 +36958,8 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
+          - ''
       cve-2021-45046:
         investigated: true
         affected_versions: []
@@ -40778,7 +41202,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Grandstream
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -41016,37 +41440,8 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
-  - vendor: Gravitee.io
-    product: ''
-    cves:
-      cve-2021-4104:
-        investigated: false
-        affected_versions: []
-        fixed_versions: []
-        unaffected_versions: []
-      cve-2021-44228:
-        investigated: false
-        affected_versions: []
-        fixed_versions: []
-        unaffected_versions: []
-      cve-2021-45046:
-        investigated: false
-        affected_versions: []
-        fixed_versions: []
-        unaffected_versions: []
-      cve-2021-45105:
-        investigated: false
-        affected_versions: []
-        fixed_versions: []
-        unaffected_versions: []
-    vendor_links:
-      - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
-    notes: ''
-    references:
-      - ''
-    last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Gravwell
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -41054,10 +41449,11 @@ software:
         fixed_versions: []
         unaffected_versions: []
       cve-2021-44228:
-        investigated: false
+        investigated: true
         affected_versions: []
         fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
+          - ''
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -41070,7 +41466,42 @@ software:
         unaffected_versions: []
     vendor_links:
       - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products
-    notes: ''
+    notes: Gravwell products do not use Java.
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
+  - vendor: Graylog
+    product: All
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - 3.3.15
+          - 4.0.14
+          - 4.1.9
+          - 4.2.3
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.graylog.org/post/graylog-update-for-log4j
+    notes: The vulnerable Log4j library is used to record GrayLogs own log information.
+      Vulnerability is not triggered when GrayLog stores exploitation vector from
+      an outer system.
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
@@ -41084,9 +41515,9 @@ software:
         unaffected_versions: []
       cve-2021-44228:
         investigated: true
-        affected_versions:
+        affected_versions: []
+        fixed_versions:
           - All versions >= 1.2.0 and <= 4.2.2
-        fixed_versions: []
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -41105,7 +41536,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: GreenShot
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -41113,10 +41544,11 @@ software:
         fixed_versions: []
         unaffected_versions: []
       cve-2021-44228:
-        investigated: false
+        investigated: true
         affected_versions: []
         fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
+          - ''
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -41162,8 +41594,38 @@ software:
     references:
       - ''
     last_updated: '2021-12-21T00:00:00'
+  - vendor: GuardedBox
+    product: All
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions:
+          - 3.1.2
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://twitter.com/GuardedBox/status/1469739834117799939
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Guidewire
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false

data/cisagov_G.yml

@@ -471,8 +471,7 @@ software:
       cve-2021-44228:
         investigated: true
         affected_versions: []
-        fixed_versions:
+        fixed_versions: All
-          'All'
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -503,7 +502,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - 'All'
+          - All
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -679,7 +678,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '<5.13.01.02'
+          - <5.13.01.02
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -740,10 +739,10 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '3.0.22'
+          - 3.0.22
-          - '3.1.14'
+          - 3.1.14
-          - '3.2.6'
+          - 3.2.6
-          - '3.3.1'
+          - 3.3.1
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -1042,7 +1041,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - 'Version 2.7.0 or later'
+          - Version 2.7.0 or later
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -1072,7 +1071,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - 'Version 5.3.0 or later'
+          - Version 5.3.0 or later
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -1101,7 +1100,7 @@ software:
       cve-2021-44228:
         investigated: true
         affected_versions:
-          - '1.4.2 or later'
+          - 1.4.2 or later
         fixed_versions: []
         unaffected_versions: []
       cve-2021-45046:
@@ -5356,7 +5355,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '< 2021.3.6'
+          - < 2021.3.6
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -5386,7 +5385,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '< 10.1'
+          - < 10.1
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -5416,7 +5415,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '< 1.6.2'
+          - < 1.6.2
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -5506,7 +5505,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '3.10.x'
+          - 3.10.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5536,7 +5535,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '3.5.x'
+          - 3.5.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5566,7 +5565,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '1.5.x'
+          - 1.5.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5596,7 +5595,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '1.4.x'
+          - 1.4.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5626,7 +5625,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '3.10.x'
+          - 3.10.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5656,7 +5655,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '3.5.x'
+          - 3.5.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5686,7 +5685,7 @@ software:
         affected_versions: []
         fixed_versions: []
         unaffected_versions:
-          - '1.4.x'
+          - 1.4.x
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -5745,10 +5744,10 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '3.3.15'
+          - 3.3.15
-          - '4.0.14'
+          - 4.0.14
-          - '4.1.9'
+          - 4.1.9
-          - '4.2.3'
+          - 4.2.3
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -5763,7 +5762,8 @@ software:
     vendor_links:
       - https://www.graylog.org/post/graylog-update-for-log4j
     notes: The vulnerable Log4j library is used to record GrayLogs own log information.
-      Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system.
+      Vulnerability is not triggered when GrayLog stores exploitation vector from
+      an outer system.
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
@@ -5779,7 +5779,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - 'All versions >= 1.2.0 and <= 4.2.2'
+          - All versions >= 1.2.0 and <= 4.2.2
         unaffected_versions: []
       cve-2021-45046:
         investigated: false
@@ -5868,7 +5868,7 @@ software:
         investigated: true
         affected_versions: []
         fixed_versions:
-          - '3.1.2'
+          - 3.1.2
         unaffected_versions: []
       cve-2021-45046:
         investigated: false