Merge pull request #125 from flintg/add-beyondtrust

Add BeyondTrust products affected, not affected, and fixed, per KB0016542
2024-11-23 09:00:48 +00:00 · 2021-12-16 17:20:02 -05:00 · 2021-12-16 17:20:02 -05:00 · a184095d8f
commit a184095d8f
parent 843401e5e7 56b7a3a4fb
1 changed files with 3 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -71,6 +71,9 @@ This list was initially populated using information from the following sources:
 | Atlassian | Crowd Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228  Atlassian Support  Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
 | Atlassian | Fisheye | All | Affected | Yes | [FAQ for CVE-2021-44228  Atlassian Support  Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
 | Atlassian | Crucible | All | Affected | Yes | [FAQ for CVE-2021-44228  Atlassian Support  Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | | | |
 | BeyondTrust | Privilege Management Cloud | Unkown | Fixed |  | [BeyondTrust Statement on log4j2 CVE-2021-44228 (Log4Shell)](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | vulnerability has been mitigated on all customer instances as of December 10, 2021 | KB0016542 | 2021-12-15 |
 | BeyondTrust | Privilege Management Reporting in BeyondInsight | 21.2 | Affected | No | [BeyondTrust Statement on log4j2 CVE-2021-44228 (Log4Shell)](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | Until a patch is available, BeyondTrust recommends ensuring access to the instance is restricted and monitoring for anomalous behavior. There is no known exploit path at this time. | KB0016542 | 2021-12-15 |
 | BeyondTrust | Secure Remote Access appliances | Unkown | Not Affected |  | [BeyondTrust Statement on log4j2 CVE-2021-44228 (Log4Shell)](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) |  | KB0016542 | 2021-12-15 |
 | Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET  |
 | Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET  |
 | Avaya | Avaya Aura for OneCloud Private | | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities.  Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | Tuesday, December 14, 2021 - 8:30pm ET  |