From 7e47aa042993f9d08bb03b3d7b9f9de95a084331 Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Wed, 12 Jan 2022 17:38:52 -0600 Subject: [PATCH 01/12] Update cisagov_N.yml - Updated status of NI Products - fixed typo in 'notes' - removed duplicate entry --- data/cisagov_N.yml | 39 +++++---------------------------------- 1 file changed, 5 insertions(+), 34 deletions(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 89aad2e..bd3a085 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -95,28 +95,28 @@ software: product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support references: - '' @@ -417,35 +417,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NI (National Instruments) - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Nice Software (AWS) EnginFRAME product: '' cves: From a506e9ce192345f43542c38eec2b6b894fd06113 Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:05:51 -0600 Subject: [PATCH 02/12] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index bd3a085..64cf7f5 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -96,7 +96,8 @@ software: cves: cve-2021-4104: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-44228: From ca1df74416c5f55d239cd5fe2a76196592e44a8a Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:06:16 -0600 Subject: [PATCH 03/12] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 64cf7f5..2118493 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -102,7 +102,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: From f059c80fec7bb3a675e0437bcd2a29b35ee9d359 Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:06:32 -0600 Subject: [PATCH 04/12] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 2118493..4b8a4b1 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -108,7 +108,8 @@ software: unaffected_versions: [] cve-2021-45046: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45105: From f2d55183123de38175488b38922447f2717432da Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:06:43 -0600 Subject: [PATCH 05/12] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 4b8a4b1..7f6f34a 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -114,7 +114,8 @@ software: unaffected_versions: [] cve-2021-45105: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] vendor_links: From c05750e2f6d64632ffdb9a7bf27648b8c924ef07 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 11:45:55 -0700 Subject: [PATCH 06/12] Update cisagov_S.yml Added Samsung Electronics America --- data/cisagov_S.yml | 310 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 310 insertions(+) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 1599d02..ca79e4d 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -755,6 +755,316 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: Sangoma product: '' cves: From f226ef21ca7abbfb2ba1897754a4c9709cb3948c Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 14:13:47 -0700 Subject: [PATCH 07/12] Update cisagov_S.yml found whitespace at the end and removed --- data/cisagov_S.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index ca79e4d..be7667e 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -1064,7 +1064,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' + last_updated: '2022-01-17T00:00:00' - vendor: Sangoma product: '' cves: From c6fcca9b9414d91aa9aa5461a8f91851dbabcf39 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 15:29:30 -0700 Subject: [PATCH 08/12] Update cisagov_V.yml Add VTSada vendor --- data/cisagov_V.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 3a62fe6..bee878a 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -2571,6 +2571,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: Vyaire product: '' cves: From 6ec7fdfb59eb32e3fb89be91d45cad14a2f657af Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 15:47:13 -0700 Subject: [PATCH 09/12] Update cisagov_A.yml Added Atvise vendor --- data/cisagov_A.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 7a6ce38..12c2697 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -3705,6 +3705,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atvise + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen + notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atviseĀ® solutions. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes product: '' cves: From db9eae4b81add8be9a7089f2424f3b4ad6f0495e Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 16:29:01 -0700 Subject: [PATCH 10/12] Update cisagov_I.yml Added Avanti products, removed the one generic entry for Avanti. Added the affected products, will be adding the nonaffected products, which is going to be a long list. --- data/cisagov_I.yml | 142 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 6 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 5a3cfcd..1298cc9 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -6975,7 +6975,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Ivanti - product: '' + product: Avalanche cves: cve-2021-4104: investigated: false @@ -6983,17 +6983,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -7002,5 +7004,133 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 9.13 + - 9.14 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' ... From d9e1373aa050fd700260243c65b44a3be2482d35 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 18 Jan 2022 09:37:01 -0500 Subject: [PATCH 11/12] Update cisagov_N.yml Updating affected versions for accuracy --- data/cisagov_N.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 7f6f34a..6bf4b5e 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -96,8 +96,7 @@ software: cves: cve-2021-4104: investigated: true - affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: @@ -108,14 +107,12 @@ software: unaffected_versions: [] cve-2021-45046: investigated: true - affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: true - affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: From 0a9f1d72016d6305d8876f54efb76bb96761a324 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:40:23 +0000 Subject: [PATCH 12/12] Update the software list --- SOFTWARE-LIST.md | 3 +-- data/cisagov.yml | 41 ++++++----------------------------------- 2 files changed, 7 insertions(+), 37 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 659761c..7d3fe6e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2043,7 +2043,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| National Instruments | OptimalPlus | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Veritas, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| National Instruments | OptimalPlus | -, L, i, m, i, t, e, d, , t, o, , d, e, p, l, o, y, m, e, n, t, s, , r, u, n, n, i, n, g, , V, e, r, t, i, c, a, ,, , C, l, o, u, d, e, r, a, ,, , o, r, , L, o, g, s, t, a, s, h | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2054,7 +2054,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | NextCloud | | | | Unknown | [link](https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nextflow | Nextflow | | | Not Affected | [link](https://www.nextflow.io/docs/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Nexus Group | | | | Unknown | [link](https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| NI (National Instruments) | | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nice Software (AWS) EnginFRAME | | | | Unknown | [link](https://download.enginframe.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | NinjaRMM | | | | Unknown | [link](https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nomachine | | | | Unknown | [link](https://forums.nomachine.com/topic/apache-log4j-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 6111ad1..e0f2a6d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -59699,28 +59699,28 @@ software: product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support references: - '' @@ -60021,35 +60021,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NI (National Instruments) - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Nice Software (AWS) EnginFRAME product: '' cves: