From ff27c298f75014bf5994ce472311232e749e69ae Mon Sep 17 00:00:00 2001 From: Ebennetteng <60264726+Ebennetteng@users.noreply.github.com> Date: Mon, 31 Jan 2022 17:04:42 +0000 Subject: [PATCH 1/5] updated vendor --- SOFTWARE-LIST.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2151d17..651f889 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2011,6 +2011,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | From eaa56a552967be16e4f68b4f8939d2b7a0ab5105 Mon Sep 17 00:00:00 2001 From: Ebennetteng <60264726+Ebennetteng@users.noreply.github.com> Date: Mon, 7 Feb 2022 09:46:00 +0000 Subject: [PATCH 2/5] add --- data/cisagov_L.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index a1ffc81..9ddfc7c 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2825,6 +2825,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' + references: + - '' + last_updated: '2022-02-07T07:10:00+00:00' - vendor: LogRhythm product: '' cves: From 36f2f9352097644a93f12ea14a97347cb9ae5234 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 12:33:08 -0500 Subject: [PATCH 3/5] remove entry to markdown --- SOFTWARE-LIST.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2a2a8d0..ce6b25f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2235,7 +2235,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | From c097be1e5f300f76bee1dca2d54110f5f45efdd1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 12:34:02 -0500 Subject: [PATCH 4/5] Update Logit.io product name --- data/cisagov_L.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index 9ddfc7c..ed1c621 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2826,7 +2826,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Logit.io - product: '' + product: Logit.io Platform cves: cve-2021-4104: investigated: true @@ -2837,7 +2837,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] From 2d5443f4b731a1b3c2b1fc05346b32afeee6d17e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Mon, 7 Feb 2022 17:43:35 +0000 Subject: [PATCH 5/5] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 30 ++++++++++++++++++++++++++++++ data/cisagov_L.yml | 38 +++++++++++++++++++------------------- 3 files changed, 50 insertions(+), 19 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index ce6b25f..34819f2 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2235,6 +2235,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-07 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 2f07023..78674ba 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -65900,6 +65900,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: Logit.io Platform + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' + references: + - '' + last_updated: '2022-02-07T07:10:00+00:00' - vendor: LogMeIn product: '' cves: diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index ed1c621..36b25ab 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2796,65 +2796,65 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogMeIn - product: '' + - vendor: Logit.io + product: Logit.io Platform cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 + - https://logit.io/blog/post/logit-io-log4shell-security-update notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Logit.io - product: Logit.io Platform + last_updated: '2022-02-07T07:10:00+00:00' + - vendor: LogMeIn + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logit.io/blog/post/logit-io-log4shell-security-update + - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 notes: '' references: - '' - last_updated: '2022-02-07T07:10:00+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: