Update cisagov_C.yml

Providing the latest changes for Citrix products and services in context to the Log4j vulnerabilities
2024-11-22 00:20:47 +00:00 · 2022-02-14 13:47:41 -05:00 · 2022-02-14 13:47:41 -05:00 · a2a55d51e1
commit a2a55d51e1
parent 461750059b
1 changed files with 103 additions and 131 deletions
--- a/data/cisagov_C.yml
+++ b/data/cisagov_C.yml
@ -4588,22 +4588,20 @@ software:
        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4622,22 +4620,20 @@ software:
        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4650,27 +4646,26 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4683,27 +4678,26 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4717,27 +4711,26 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4750,31 +4743,23 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
-        fixed_versions: []
+        fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10]
        unaffected_versions: []
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
-        fixed_versions: []
+        fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10]
        unaffected_versions: []
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
-        fixed_versions: []
+        fixed_versions: [10.14 RP3, 10.13 RP6, 10.12 RP11]
        unaffected_versions: []
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised
+    notes: ''
      to apply the latest CEM rolling patch updates listed below as soon as possible
      to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763);
      [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753);
      and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785).
      Note: Customers who have upgraded their XenMobile Server to the updated versions
      are recommended not to apply the responder policy mentioned in the blog listed
      below to the Citrix ADC vserver in front of the XenMobile Server as it may impact
      the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.'
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4787,27 +4772,26 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions: 
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4820,27 +4804,26 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4859,22 +4842,20 @@ software:
        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4887,30 +4868,24 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
-        fixed_versions: []
+        fixed_versions: [Linux Virtual Delivery Agent 2112]
        unaffected_versions: []
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
-        fixed_versions: []
+        fixed_versions: [Linux Virtual Delivery Agent 2112]
        unaffected_versions: []
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046:
+    notes: ''
      Customers are advised to apply the latest update as soon as possible to reduce
      the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html).
      See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for
      additional mitigations. For CVE-2021-45105: Investigation has shown that Linux
      VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30,
      released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED:
      Linux VDA LTSR all versions; All other CVAD components.'
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4929,22 +4904,20 @@ software:
        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
@ -4957,27 +4930,26 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45046:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
      cve-2021-45105:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - All Platforms
    vendor_links:
      - https://support.citrix.com/article/CTX335705
-    notes: Citrix continues to investigate any potential impact on Citrix-managed
+    notes: ''
      cloud services. If, as the investigation continues, any Citrix-managed services
      are found to be affected by this issue, Citrix will take immediate action to
      remediate the problem. Customers using Citrix-managed cloud services do not
      need to take any action.
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'