r3pek
/
log4j-affected-db
mirror of https://github.com/cisagov/log4j-affected-db
1
0
Fork 0
Code Releases Activity

Merge branch 'develop' into patch-3

Browse Source
pull/441/head
Lcerkov 2 years ago committed by GitHub
parent 50a3b88ade 466421846d
commit 996caa1d0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 517 additions and 75 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      SOFTWARE-LIST.md
  2. 41
      data/cisagov.yml
  3. 30
      data/cisagov_A.yml
  4. 136
      data/cisagov_I.yml
  5. 42
      data/cisagov_N.yml
  6. 310
      data/cisagov_S.yml
  7. 30
      data/cisagov_V.yml

3
SOFTWARE-LIST.md
Unescape View File

@ -2043,7 +2043,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| National Instruments | OptimalPlus | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Veritas, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| National Instruments | OptimalPlus | -, L, i, m, i, t, e, d, , t, o, , d, e, p, l, o, y, m, e, n, t, s, , r, u, n, n, i, n, g, , V, e, r, t, i, c, a, ,, , C, l, o, u, d, e, r, a, ,, , o, r, , L, o, g, s, t, a, s, h | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2054,7 +2054,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| NextCloud | | | | Unknown | [link](https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nextflow | Nextflow | | | Not Affected | [link](https://www.nextflow.io/docs/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Nexus Group | | | | Unknown | [link](https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NI (National Instruments) | | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nice Software (AWS) EnginFRAME | | | | Unknown | [link](https://download.enginframe.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NinjaRMM | | | | Unknown | [link](https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nomachine | | | | Unknown | [link](https://forums.nomachine.com/topic/apache-log4j-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

41
data/cisagov.yml
Unescape View File

@ -59699,28 +59699,28 @@ software:
product: OptimalPlus
cves:
cve-2021-4104:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions: -Limited to deployments running Vertica, Cloudera, or Logstash
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact
notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact
Technical Support
references:
- ''
@ -60021,35 +60021,6 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: NI (National Instruments)
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Nice Software (AWS) EnginFRAME
product: ''
cves:

30
data/cisagov_A.yml
Unescape View File

@ -3705,6 +3705,36 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Atvise
product: All
cves:
cve-2021-4104:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen
notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise® solutions.
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: AudioCodes
product: ''
cves:

136
data/cisagov_I.yml
Unescape View File

@ -6975,7 +6975,38 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Ivanti
product: ''
product: Avalanche
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.2.2
- 6.3.0 to 6.3.3
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: Ivanti File Director
cves:
cve-2021-4104:
investigated: false
@ -6983,24 +7014,123 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 2019.1.*
- 2020.1.*
- 2020.3.*
- 2021.1.*
- 4.4.*
fixed_versions:
- 2021.3 HF2
- 2021.1 HF1
- 2020.3 HF2
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Core
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Core.
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Sentry (Core/Cloud)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 9.13
- 9.14
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Sentry.
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Core Connector
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
notes: See Advisory details for mitigation instructions for MobileIron Core Connector.
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-18T00:00:00'
...

42
data/cisagov_N.yml
Unescape View File

@ -95,28 +95,29 @@ software:
product: OptimalPlus
cves:
cve-2021-4104:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
-Limited to deployments running Vertica, Cloudera, or Logstash
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact
notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact
Technical Support
references:
- ''
@ -417,35 +418,6 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: NI (National Instruments)
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Nice Software (AWS) EnginFRAME
product: ''
cves:

310
data/cisagov_S.yml
Unescape View File

@ -755,6 +755,316 @@ software:
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Samsung Electronics America
product: Knox Reseller Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Manage
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Admin Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Mobile Enrollment
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Configure
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Asset Intelligence
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox E-FOTA One
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Managed Services Provider (MSP)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Guard
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox License Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Sangoma
product: ''
cves:

30
data/cisagov_V.yml
Unescape View File

@ -2571,6 +2571,36 @@ software:
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: VTScada
product: All
cves:
cve-2021-4104:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vtscada.com/vtscada-unaffected-by-log4j/
notes: Java is not utilized within VTScada software, and thus our users are unaffected.
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Vyaire
product: ''
cves:

Write Preview
Loading…
Cancel
Save