From 248c7449bcdb4aeee1703e554564e75a9a8d38a7 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Wed, 15 Dec 2021 12:37:50 -0800 Subject: [PATCH 1/3] add HashiCorp products --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 04c5b47..e782ab0 100644 --- a/README.md +++ b/README.md @@ -379,6 +379,18 @@ This list was initially populated using information from the following sources: | Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | | | Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | | +| HashiCorp | Boundary | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Consul | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Consul Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Nomad | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Nomad Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Packer | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Terraform | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Terraform Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Waypoint | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Vagrant | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Vault | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Vault Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | | IBM | BigFix Compliance | | Affected | No | | | | | | IBM | BigFix Inventory | VM Manager Tool & SAP Tool | Affected | No | | To verify if your instance is affected, go to the lib subdirectory of the tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version of log4j is included. Version is included in the name of the library. | | | | IBM | Server Automation | | Affected | No | | | | | From 709b8dbff9ab1d6760f5175a514826d1d2a25907 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Wed, 15 Dec 2021 12:44:07 -0800 Subject: [PATCH 2/3] clean up URL markdown formatting --- README.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index e782ab0..dc26fdc 100644 --- a/README.md +++ b/README.md @@ -379,18 +379,18 @@ This list was initially populated using information from the following sources: | Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | | | Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | | -| HashiCorp | Boundary | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Consul | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Consul Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Nomad | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Nomad Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Packer | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Terraform | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Terraform Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Waypoint | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Vagrant | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Vault | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | -| HashiCorp | Vault Enterprise | | Not Affected | | https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228/ | | | | +| HashiCorp | Boundary | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Consul | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Consul Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Nomad | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Nomad Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Packer | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Terraform | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Terraform Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Waypoint | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Vagrant | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Vault | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Vault Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | IBM | BigFix Compliance | | Affected | No | | | | | | IBM | BigFix Inventory | VM Manager Tool & SAP Tool | Affected | No | | To verify if your instance is affected, go to the lib subdirectory of the tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version of log4j is included. Version is included in the name of the library. | | | | IBM | Server Automation | | Affected | No | | | | | From b96939d95eeb14f5317c83b767c9d5090d1d9ce5 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Wed, 15 Dec 2021 12:45:35 -0800 Subject: [PATCH 3/3] fix product ordering --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc26fdc..5e9666b 100644 --- a/README.md +++ b/README.md @@ -387,10 +387,10 @@ This list was initially populated using information from the following sources: | HashiCorp | Packer | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | HashiCorp | Terraform | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | HashiCorp | Terraform Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | -| HashiCorp | Waypoint | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | HashiCorp | Vagrant | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | HashiCorp | Vault | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | HashiCorp | Vault Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | +| HashiCorp | Waypoint | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | | | IBM | BigFix Compliance | | Affected | No | | | | | | IBM | BigFix Inventory | VM Manager Tool & SAP Tool | Affected | No | | To verify if your instance is affected, go to the lib subdirectory of the tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version of log4j is included. Version is included in the name of the library. | | | | IBM | Server Automation | | Affected | No | | | | |