From bee5ac6aeac5bcd10b2de3ac09c6107f20e5494f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 16:11:02 -0500 Subject: [PATCH] Update cisagov_M.yml Remove duplicate mobile iron entries --- data/cisagov_M.yml | 137 --------------------------------------------- 1 file changed, 137 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index c96ff4b..5e33f8f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -2233,143 +2233,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: MobileIron - product: Core - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Core Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Reporting Database (RDB) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Sentry - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - vendor: MongoDB product: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)