r3pek/log4j-affected-db
1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 00:20:47 +00:00
Code Releases Activity

Merge branch 'develop' into patch-3

Browse source
This commit is contained in:
Lcerkov 2022-01-18 10:47:42 -05:00 committed by GitHub
commit 996caa1d0b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 520 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
SOFTWARE-LIST.md
View file

@ -2043,7 +2043,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| National Instruments | OptimalPlus | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Veritas, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| National Instruments | OptimalPlus | -, L, i, m, i, t, e, d, , t, o, , d, e, p, l, o, y, m, e, n, t, s, , r, u, n, n, i, n, g, , V, e, r, t, i, c, a, ,, , C, l, o, u, d, e, r, a, ,, , o, r, , L, o, g, s, t, a, s, h | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2054,7 +2054,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| NextCloud | | | | Unknown | [link](https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nextflow | Nextflow | | | Not Affected | [link](https://www.nextflow.io/docs/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Nexus Group | | | | Unknown | [link](https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NI (National Instruments) | | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nice Software (AWS) EnginFRAME | | | | Unknown | [link](https://download.enginframe.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NinjaRMM | | | | Unknown | [link](https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nomachine | | | | Unknown | [link](https://forums.nomachine.com/topic/apache-log4j-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

41
data/cisagov.yml
View file

@ -59699,28 +59699,28 @@ software:
product: OptimalPlus
cves:
cve-2021-4104:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions: -Limited to deployments running Vertica, Cloudera, or Logstash
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact
notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact
Technical Support
references:
- ''
@ -60021,35 +60021,6 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: NI (National Instruments)
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Nice Software (AWS) EnginFRAME
product: ''
cves:

30
data/cisagov_A.yml
View file

@ -3705,6 +3705,36 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Atvise
product: All
cves:
cve-2021-4104:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen
notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise® solutions.
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: AudioCodes
product: ''
cves:

142
data/cisagov_I.yml
View file

@ -6975,7 +6975,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Ivanti
product: ''
product: Avalanche
cves:
cve-2021-4104:
investigated: false
@ -6983,17 +6983,19 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
- 6.2.2
- 6.3.0 to 6.3.3
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
@ -7002,5 +7004,133 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: Ivanti File Director
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 2019.1.*
- 2020.1.*
- 2020.3.*
- 2021.1.*
- 4.4.*
fixed_versions:
- 2021.3 HF2
- 2021.1 HF1
- 2020.3 HF2
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Core
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Core.
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Sentry (Core/Cloud)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 9.13
- 9.14
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Sentry.
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Core Connector
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Core Connector.
references:
- ''
last_updated: '2022-01-18T00:00:00'
...

42
data/cisagov_N.yml
View file

@ -95,28 +95,29 @@ software:
product: OptimalPlus
cves:
cve-2021-4104:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
investigated: true
affected_versions:
-Limited to deployments running Vertica, Cloudera, or Logstash
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact
notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact
Technical Support
references:
- ''
@ -417,35 +418,6 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: NI (National Instruments)
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Nice Software (AWS) EnginFRAME
product: ''
cves:

310
data/cisagov_S.yml
View file

@ -755,6 +755,316 @@ software:
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Samsung Electronics America
product: Knox Reseller Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Manage
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Admin Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Mobile Enrollment
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Configure
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Asset Intelligence
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox E-FOTA One
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Managed Services Provider (MSP)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Guard
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox License Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Sangoma
product: ''
cves:

30
data/cisagov_V.yml
View file

@ -2571,6 +2571,36 @@ software:
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: VTScada
product: All
cves:
cve-2021-4104:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vtscada.com/vtscada-unaffected-by-log4j/
notes: Java is not utilized within VTScada software, and thus our users are unaffected.
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Vyaire
product: ''
cves: