r3pek
/
log4j-affected-db
mirror of https://github.com/cisagov/log4j-affected-db
1
0
Fork 0
Code Releases Activity

Merge branch 'develop' into develop

Browse Source
pull/444/head
justmurphy 2 years ago committed by GitHub
parent 4c6f714c58 dd4d70100a
commit c18b7fb0bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 600 additions and 351 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 32
      SOFTWARE-LIST.md
  2. 714
      data/cisagov.yml
  3. 4
      data/cisagov_A.yml
  4. 137
      data/cisagov_M.yml
  5. 14
      data/cisagov_N.yml
  6. 8
      data/cisagov_Non-Alphabet.yml
  7. 40
      data/cisagov_S.yml
  8. 2
      data/cisagov_V.yml

32
SOFTWARE-LIST.md
Unescape View File

@ -22,7 +22,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
| ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
| 1Password | All products | | | Unknown | [link](https://support.1password.com/kb/202112/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
| 1Password | All products | | | Not Affected | [link](https://support.1password.com/kb/202112/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-01-14 |
| 2n | | | | Unknown | [link](https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
@ -150,6 +150,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -1771,7 +1772,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| iRedMail | | | | Unknown | [link](https://forum.iredmail.org/topic18605-log4j-cve202144228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ironnet | | | | Unknown | [link](https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ISLONLINE | | | | Unknown | [link](https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ivanti | | | | Unknown | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ivanti | Avalanche | 6.2.2, 6.3.0 to 6.3.3 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Ivanti | Ivanti File Director | 2019.1.*, 2020.1.*, 2020.3.*, 2021.1.*, 4.4.* | 2021.3 HF2, 2021.1 HF1, 2020.3 HF2 | Fixed | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Ivanti | MobileIron Core | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Ivanti | MobileIron Core Connector | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core Connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Ivanti | MobileIron Sentry (Core/Cloud) | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Sentry. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Jamasoftware | | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Jamf | Jamf Pro | 10.31.0 – 10.34.0 | | Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Janitza | GridVis | | | Not Affected | [link](https://www.janitza.com/us/gridvis-download.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
@ -1962,8 +1967,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 |
| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| MathWorks | All MathWorks general release desktop or server products | | | Unknown | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-29 |
| MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Matillion | Matillion ETL | | 1.59.10+ | Fixed | [link](https://documentation.matillion.com/docs/security-advisory-14th-december-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-11-01 |
| Matomo | | | | Unknown | [link](https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Mattermost FocalBoard | | | | Unknown | [link](https://forum.mattermost.org/t/log4j-vulnerability-concern/12676) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2021,10 +2026,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Mitel | | | | Unknown | [link](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| MMM Group | Control software of all MMM series | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| MobileIron | Core | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| MobileIron | Core Connector | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| MobileIron | Reporting Database (RDB) | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| MobileIron | Sentry | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| MongoDB | MongoDB Atlas Search | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2043,8 +2044,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| National Instruments | OptimalPlus | -, L, i, m, i, t, e, d, , t, o, , d, e, p, l, o, y, m, e, n, t, s, , r, u, n, n, i, n, g, , V, e, r, t, i, c, a, ,, , C, l, o, u, d, e, r, a, ,, , o, r, , L, o, g, s, t, a, s, h | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| National Instruments | OptimalPlus | Vertica, Cloudera, Logstash | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| Neo4j | Neo4j Graph Database | >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| NetGate PFSense | | | | Unknown | [link](https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2184,6 +2185,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Fixed in 2021.4.1 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox E-FOTA One | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Guard | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox License Management | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Manage | | Cloud | Fixed | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Managed Services Provider (MSP) | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Mobile Enrollment | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Samsung Electronics America | Knox Reseller Portal | | Cloud | Fixed | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Sangoma | | | | Unknown | [link](https://help.sangoma.com/community/s/article/Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| SAP | | | | Unknown | [link](https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| SAP Advanced Platform | | | | Unknown | [link](https://launchpad.support.sap.com/#/notes/3130698) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
@ -2659,6 +2670,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| VMware | VMware vRealize Orchestrator | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| VMware | VMware Workspace ONE Access | 21.x, 20.10.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

714
data/cisagov.yml
Unescape View File

@ -8,31 +8,35 @@ software:
product: All products
cves:
cve-2021-4104:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- '>= 1.0.0'
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- '>= 1.0.0'
cve-2021-45046:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- '>= 1.0.0'
cve-2021-45105:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
unaffected_versions:
- '>= 1.0.0'
vendor_links:
- https://support.1password.com/kb/202112/
notes: ''
references:
- ''
last_updated: '2021-12-23T00:00:00'
last_updated: '2021-01-14T00:00:00'
- vendor: 2n
product: ''
cves:
@ -3851,6 +3855,38 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Atvise
product: All
cves:
cve-2021-4104:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen
notes: The security vulnerability does NOT affect our applications and products
or pose any threat. This applies to all Bachmann applications and products,
including atvise solutions.
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: AudioCodes
product: ''
cves:
@ -51710,7 +51746,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Ivanti
product: ''
product: Avalanche
cves:
cve-2021-4104:
investigated: false
@ -51718,26 +51754,156 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.2.2
- 6.3.0 to 6.3.3
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: Ivanti File Director
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 2019.1.*
- 2020.1.*
- 2020.3.*
- 2021.1.*
- 4.4.*
fixed_versions:
- 2021.3 HF2
- 2021.1 HF1
- 2020.3 HF2
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Core
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Core.
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Core Connector
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: ''
notes: See Advisory details for mitigation instructions for MobileIron Core Connector.
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-18T00:00:00'
- vendor: Ivanti
product: MobileIron Sentry (Core/Cloud)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '9.13'
- '9.14'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
notes: See Advisory details for mitigation instructions for MobileIron Sentry.
references:
- ''
last_updated: '2022-01-18T00:00:00'
- vendor: Jamasoftware
product: ''
cves:
@ -57338,7 +57504,7 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
@ -57357,7 +57523,7 @@ software:
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
last_updated: '2022-01-18T00:00:00'
- vendor: MathWorks
product: MATLAB
cves:
@ -57387,7 +57553,7 @@ software:
notes: ''
references:
- ''
last_updated: '2021-12-29T00:00:00'
last_updated: '2022-01-18T00:00:00'
- vendor: Matillion
product: Matillion ETL
cves:
@ -59023,76 +59189,9 @@ software:
references:
- ''
last_updated: '2022-01-05T00:00:00'
- vendor: MobileIron
product: Core
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MobileIron
product: Core Connector
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MobileIron
product: Reporting Database (RDB)
- vendor: MongoDB
product: All other components of MongoDB Atlas (including Atlas Database, Data
Lake, Charts)
cves:
cve-2021-4104:
investigated: false
@ -59100,46 +59199,10 @@ software:
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MobileIron
product: Sentry
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '9.13'
- '9.14'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
@ -59151,18 +59214,13 @@ software:
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
- https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
notes: ''
references:
- ''
last_updated: '2021-12-20T00:00:00'
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: All other components of MongoDB Atlas (including Atlas Database, Data
Lake, Charts)
product: MongoDB Atlas Search
cves:
cve-2021-4104:
investigated: false
@ -59191,7 +59249,8 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: MongoDB Atlas Search
product: MongoDB Community Edition (including Community Server, Cloud Manager,
Community Kubernetes Operators)
cves:
cve-2021-4104:
investigated: false
@ -59220,8 +59279,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: MongoDB Community Edition (including Community Server, Cloud Manager,
Community Kubernetes Operators)
product: MongoDB Drivers
cves:
cve-2021-4104:
investigated: false
@ -59250,7 +59308,8 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: MongoDB Drivers
product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager,
Enterprise Kubernetes Operators)
cves:
cve-2021-4104:
investigated: false
@ -59279,8 +59338,7 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager,
Enterprise Kubernetes Operators)
product: MongoDB Realm (including Realm Database, Sync, Functions, APIs)
cves:
cve-2021-4104:
investigated: false
@ -59309,7 +59367,8 @@ software:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: MongoDB Realm (including Realm Database, Sync, Functions, APIs)
product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas
CLI, Database Connectors)
cves:
cve-2021-4104:
investigated: false
@ -59337,38 +59396,8 @@ software:
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: MongoDB
product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas
CLI, Database Connectors)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Moodle
product: ''
- vendor: Moodle
product: ''
cves:
cve-2021-4104:
investigated: false
@ -59705,7 +59734,10 @@ software:
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: -Limited to deployments running Vertica, Cloudera, or Logstash
affected_versions:
- Vertica
- Cloudera
- Logstash
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -59736,7 +59768,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- Version >4.2
- '>4.2'
- <4..2.12
fixed_versions: []
unaffected_versions: []
@ -63874,6 +63906,316 @@ software:
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Samsung Electronics America
product: Knox Admin Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Asset Intelligence
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Configure
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox E-FOTA One
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Guard
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox License Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Manage
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Managed Services Provider (MSP)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Mobile Enrollment
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Samsung Electronics America
product: Knox Reseller Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
notes: ''
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Sangoma
product: ''
cves:
@ -78004,6 +78346,36 @@ software:
references:
- ''
last_updated: '2021-12-12T00:00:00'
- vendor: VTScada
product: All
cves:
cve-2021-4104:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: ''
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.vtscada.com/vtscada-unaffected-by-log4j/
notes: Java is not utilized within VTScada software, and thus our users are unaffected.
references:
- ''
last_updated: '2022-01-17T00:00:00'
- vendor: Vyaire
product: ''
cves:

4
data/cisagov_A.yml
Unescape View File

@ -3718,7 +3718,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: ''
affected_versions: []
@ -3731,7 +3731,7 @@ software:
unaffected_versions: []
vendor_links:
- https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen
notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise® solutions.
notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions.
references:
- ''
last_updated: '2022-01-17T00:00:00'

137
data/cisagov_M.yml
Unescape View File

@ -2233,143 +2233,6 @@ software:
references:
- ''
last_updated: '2022-01-05T00:00:00'
- vendor: MobileIron
product: Core
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MobileIron
product: Core Connector
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MobileIron
product: Reporting Database (RDB)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MobileIron
product: Sentry
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '9.13'
- '9.14'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US
notes: The mitigation instructions listed in a subsequent section removes a vulnerable
Java class (JNDILookUp.class) from the affected Log4J Java library and as a
result removes the ability to perform the RCE attack. The workaround needs
to be applied in a maintenance window. You will not be able to access the admin
portal during the procedure, however, end user devices will continue to function.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: MongoDB
product: All other components of MongoDB Atlas (including Atlas Database, Data
Lake, Charts)

14
data/cisagov_N.yml
Unescape View File

@ -102,7 +102,9 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
-Limited to deployments running Vertica, Cloudera, or Logstash
- 'Vertica'
- 'Cloudera'
- 'Logstash'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -133,8 +135,8 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- Version >4.2
- <4..2.12
- '>4.2'
- '<4..2.12'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -280,7 +282,7 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- 3.0.57
- '3.0.57'
unaffected_versions: []
cve-2021-45046:
investigated: false
@ -310,7 +312,7 @@ software:
cve-2021-44228:
investigated: true
affected_versions:
- <7.4.3
- '<7.4.3'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
@ -372,7 +374,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- 21.04.0.5552
- '21.04.0.5552'
cve-2021-45046:
investigated: false
affected_versions: []

8
data/cisagov_Non-Alphabet.yml
Unescape View File

@ -12,25 +12,25 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- ">= 1.0.0"
- '>= 1.0.0'
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ">= 1.0.0"
- '>= 1.0.0'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ">= 1.0.0"
- '>= 1.0.0'
cve-2021-45105:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ">= 1.0.0"
- '>= 1.0.0'
vendor_links:
- https://support.1password.com/kb/202112/
notes: ''

40
data/cisagov_S.yml
Unescape View File

@ -767,13 +767,13 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
- 'Cloud'
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
- 'Cloud'
unaffected_versions: []
cve-2021-45105:
investigated: false
@ -798,13 +798,13 @@ software:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
- 'Cloud'
unaffected_versions: []
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions:
- Cloud
- 'Cloud'
unaffected_versions: []
cve-2021-45105:
investigated: false
@ -830,13 +830,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -861,13 +861,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -892,13 +892,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -923,13 +923,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -954,13 +954,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -985,13 +985,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -1016,13 +1016,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []
@ -1047,13 +1047,13 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45105:
investigated: false
affected_versions: []

2
data/cisagov_V.yml
Unescape View File

@ -2584,7 +2584,7 @@ software:
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
- 'All'
cve-2021-45046:
investigated: ''
affected_versions: []

Write Preview
Loading…
Cancel
Save