Merge pull request #463 from CodeAlligator/master

Updated Salesforce statuses
2024-11-22 16:40:48 +00:00 · 2022-01-25 15:29:24 -05:00 · 2022-01-25 15:29:24 -05:00 · b27e73aea7
commit b27e73aea7
parent 1b09d6cac2 d8c4b4ce60
1 changed files with 71 additions and 44 deletions
--- a/data/cisagov_S.yml
+++ b/data/cisagov_S.yml
@ -146,9 +146,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services
+    notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046.
-      have been updated to mitigate the issues identified in CVE-2021-44228 and we
+      Salesforce-owned services and third-party vendors have been patched to
-      are executing our final validation steps."'
+      address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -177,8 +177,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The
+    notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046.
-      service is being updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      Salesforce-owned services and third-party vendors have been patched to address
      the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -207,8 +208,10 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228.
+    notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228
-      The service is being updated to remediate the vulnerability identified in CVE-2021-44228."'
+      and CVE-2021-45046. Salesforce-owned services and third-party vendors
      have been patched to address the issues currently identified in
      CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -237,12 +240,15 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Please contact Customer Support."'
+    notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046.
      Salesforce-owned services and third-party vendors have been patched to address the
      issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details
      are available here.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
  - vendor: Salesforce
-    product: Community Cloud
+    product: Experience (Community) Cloud
    cves:
      cve-2021-4104:
        investigated: false
@ -266,8 +272,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service
+    notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046.
-      is being updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      Salesforce-owned services and third-party vendors have been patched to
      address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -296,9 +303,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has
+    notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046.
-      a mitigation in place and is being updated to remediate the vulnerability identified  in
+      Salesforce-owned services and third-party vendors have been patched
-      CVE-2021-44228."'
+      to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -357,9 +364,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has
+    notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046.
-      a mitigation in place and is being updated to remediate the vulnerability identified  in
+      Salesforce-owned services and third-party vendors have been patched
-      CVE-2021-44228."'
+      to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -388,9 +395,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228.
+    notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046.
-      Services have been updated to mitigate the issues identified in CVE-2021-44228
+      Salesforce-owned services and third-party vendors have been patched to address the issues
-      and we are executing our final validation steps."'
+      currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -419,8 +426,13 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is
+    notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046.
-      being updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      Salesforce-owned services and third-party vendors have been patched
      to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
      The Data Loader tool has been patched to address the issues currently identified
      in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader
      version 53.0.2 or later. Follow the steps described here to download the latest
      version of Data Loader.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -449,8 +461,8 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action
+    notes: Heroku is reported to not be affected by the issues currently
-      is necessary at this time."'
+      identified in CVE-2021-44228 or CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -479,8 +491,10 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service
+    notes: Salesforce-owned services within Marketing Cloud are not affected
-      is being updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      by the issues currently identified in CVE-2021-44228 or CVE-2021-45046.
      Third-party vendors have been patched to address the security issues currently
      identified in CVE-2021-44228 or CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -509,8 +523,10 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service
+    notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046.
-      is being updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      Mulesoft services, including dataloader.io, have been updated to mitigate
      the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
      Please see additional details here.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -539,7 +555,11 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Please contact Customer Support."'
+    notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046.
      Salesforce-owned services and third-party vendors, including Private Cloud
      Edition (PCE) and Anypoint Studio, have a mitigation in place to address the
      issues currently identified in CVE-2021-44228 and CVE-2021-45046.
      Please see additional details here.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -568,8 +588,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being
+    notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046.
-      updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      Salesforce-owned services and third-party vendors have been patched
      to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -598,8 +619,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service
+    notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046.
-      is being updated to remediate the vulnerability identified in CVE-2021-44228."'
+      Salesforce-owned services and third-party vendors have been patched to
      address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -628,8 +650,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service
+    notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046.
-      is being updated to remediate the vulnerability identified  in CVE-2021-44228."'
+      Salesforce-owned services and third-party vendors have been patched to
      address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -658,9 +681,10 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a
+    notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046.
-      mitigation in place and is being updated to remediate the vulnerability identified  in
+      Salesforce-owned services and third-party vendors have been patched
-      CVE-2021-44228."'
+      to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046.
      Additional details are available here.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -689,9 +713,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service
+    notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046.
-      has a mitigation in place and is being updated to remediate the vulnerability
+      Salesforce-owned services and third-party vendors have been patched to
-      identified  in CVE-2021-44228."'
+      address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
@ -721,7 +745,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell
-    notes: Fixed in 2021.4.1
+    notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046.
      Patches to address the issues currently identified in both CVE-2021-44228 and
      CVE-2021-45046 are available for download. Additional details are available here.
    references:
      - ''
    last_updated: '2021-12-16T00:00:00'
@ -750,8 +776,9 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://help.salesforce.com/s/articleView?id=000363736&type=1
-    notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service
+    notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046.
-      is being updated to remediate the vulnerability identified in CVE-2021-44228."'
+      Services have been patched to mitigate the issues currently identified in
      both CVE-2021-44228 and CVE-2021-45046.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'