1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00

Merge branch 'develop' into contributing-adjustments

This commit is contained in:
iainDe 2022-01-05 15:13:25 -05:00 committed by GitHub
commit c7f02fe859
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1326,7 +1326,24 @@ This list was initially populated using information from the following sources:
| HENIX | Squash TM | 1.21.7 - 1.22.9, 2.0.3 - 2.1.5, 2.2.0 - 3.0.2 | Fixed | | [Vendor Link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | 12/23/2021 |
| Hexagon | | | | | [Hexagon Statement](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | |
| Hikvision | | | | | [Hikvision](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | |
| Hitachi Energy | 3rd party - Elastic Search, Kibana | Elasticsearch 5.0.0+ | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster. | | 01/05/2022 |
| Hitachi Energy | Axis | 3.6 | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. Axis is a fully SaaS hosted solution adn the enviroment has been patched per the recommendations | | 01/05/2022 |
| Hitachi Energy | Counterparty Settlement and Billing (CSB) | v6 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | 01/05/2022 |
| Hitachi Energy | e-Mesh Monitor | | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No end-user action needed. The affected e-Mesh Monitor part is at the cloud offering side of which the remediation is handled by Hitachi Energy team. Remediation is currently ongoing, and during this time period, e-Mesh Monitor edge device is not able to upload data to cloud. | | 01/05/2022 |
| Hitachi Energy | eSOMS | | Not Affected | | [Hitachi Energy](https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications) | | | |
| Hitachi Energy | FOXMAN-UN | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. . For details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 |
| Hitachi Energy | FOXMAN-UN | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. | | 01/05/2022 |
| Hitachi Energy | Lumada APM SaaS offering | | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The SaaS offering has been patched per the recommendations. | | 01/05/2022 |
| Hitachi Energy | Lumada APM On-premises | | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions for various versions. | | 01/05/2022 |
| Hitachi Energy | Lumada EAM / FSM | v1.7.x, v1.8.x, v1.9.x | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See Section Mitigation Strategy in vendor advisory. | | 01/05/2022 |
| Hitachi Energy | MMS Internal facing subcomponent. | | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | 01/05/2022 |
| Hitachi Energy | Network Manager Outage Management Interface (CMI) | 9.0 - 9.10.44, 9.1.1, 10.3.4 | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | 01/05/2022 |
| Hitachi Energy | Network Manager ADMS Network Model Server | 9.1.0.32 - 9.1.0.44 | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | 01/05/2022 |
| Hitachi Energy | 3rd party - Oracle Database Components | 12.1, 12.2, 19c | Fixed | | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | As this is a third-party component, a separate patch management report will be provided to customers with the steps to apply the Oracle provided patches for these components. | | 01/05/2022 |
| Hitachi Energy | nMarket Global I-SEM | 3.7.15, 3.7.16 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | 01/05/2022 |
| Hitachi Energy | RelCare | 2.0.0 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The RelCare SaaS hosted solution and the on-premises have been patched per the recommendations. | | 01/05/2022 |
| Hitachi Energy | UNEM | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 |
| Hitachi Energy | UNEM | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. | | 01/05/2022 |
| Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | |
| Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | |
| HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
@ -2662,6 +2679,13 @@ This list was initially populated using information from the following sources:
| TPLink |Omega Controller|Linux/Windows(all)|Affected|Yes|[Statement on Apache Log4j Vulnerability](https://www.tp-link.com/us/support/faq/3255)|Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16|[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)|12/15/2021|
| TrendMicro | All | | Under Investigation | | [https://success.trendmicro.com/solution/000289940](https://success.trendmicro.com/solution/000289940) | | | |
| Tricentis Tosca | | | | | [Tricentis Tosca Statement](https://support-hub.tricentis.com/open?number=NEW0001148&id=post) | | | |
| Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022 |
| Tripp Lite | SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or embedded SNMPWEBCARD | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022 |
| Tripp Lite | PowerAlert Local (PAL) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | 01/04/2022 |
| Tripp Lite | PowerAlert Network Shutdown Agent (PANSA) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability.| | 01/04/2022 |
| Tripp Lite | PowerAlert Network Management System (PANMS) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) |Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | 01/04/2022 |
| Tripp Lite | TLNETCARD and associated software| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022 |
| Tripp Lite | PowerAlertElement Manager (PAEM)| 1.0.0 | Affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which will contain a patched version of Log4j2 | |01/04/2022 |
| Tripwire | | | | | [Tripwire Log4j Statement](https://www.tripwire.com/log4j) | | | |
| Trimble | eCognition | 10.2.0 Build 4618 | Affected | No | Details are shared with active subscribers | Remediation steps provided by Trimble | | 12/23/2021 |
| TrueNAS | | | | | [TrueNAS Statement](https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559) | | | |
@ -2816,6 +2840,6 @@ This list was initially populated using information from the following sources:
| Zix | | | | | [Zix Appriver Statement](https://status.appriver.com/) | | | 12/16/2021 |
| Zoom | | | | | [Zoom Security Exposure](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | |
| ZPE systems Inc | | | | | [ZpeSystems CVE-2021-44228](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | |
| Zscaler | See Link (Multiple Products) | | Not Affected | No | [CVE-2021-44228 log4j Vulnerability](https://trust.zscaler.com/posts/9581) | | | 12/15/2021 |
| Zscaler | See Link (Multiple Products) | | Fixed | Yes | [CVE-2021-44228 log4j Vulnerability](https://trust.zscaler.com/posts/9581) | | | 12/15/2021 |
| Zyxel | | | | | [Zyxel Security Advisory for Apache Log4j](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | |
| Zyxel | Security Firewall/Gateways | ZLD Firmware Security Services, Nebula | Not Affected | N/A | [Zyxel Security Advisory](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | 12/14/2021 |