1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 08:30:48 +00:00

Merge pull request #433 from cisagov/improvement/switch_to_yaml_files

Migrate to using YAML files to store product information
This commit is contained in:
Nick 2022-01-12 15:53:10 -05:00 committed by GitHub
commit cadf052d3b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
34 changed files with 159424 additions and 46 deletions

View file

@ -27,30 +27,6 @@ body:
placeholder: v2; 1.5; >3; >=4; >5, <6; etc.
validations:
required: true
- type: dropdown
id: product-status
attributes:
label: Product status
description: What is the current status of the affected product?
options:
- Unknown
- Affected
- Not Affected
- Fixed
- Under Investigation
validations:
required: true
- type: markdown
attributes:
value: |
Please use the information below when selecting a status.
- Unknown - Status unknown. Default choice.
- Affected - Reported to be affected by CVE-2021-44228.
- Not Affected - Reported to NOT be affected by CVE-2021-44228 and no
further action necessary.
- Fixed - Patch and/or mitigations available (see provided links).
- Under Investigation - Vendor investigating status.
- type: dropdown
id: product-updated
attributes:

View file

@ -29,28 +29,6 @@ body:
attributes:
label: Product version(s)
description: What version(s) of the product are affected?
- type: dropdown
id: product-status
attributes:
label: Product status
description: What is the current status of the affected product?
options:
- Unknown
- Affected
- Not Affected
- Fixed
- Under Investigation
- type: markdown
attributes:
value: |
Please use the information below when selecting a status.
- Unknown - Status unknown. Default choice.
- Affected - Reported to be affected by CVE-2021-44228.
- Not Affected - Reported to NOT be affected by CVE-2021-44228 and no
further action necessary.
- Fixed - Patch and/or mitigations available (see provided links).
- Under Investigation - Vendor investigating status.
- type: dropdown
id: product-updated
attributes:

View file

@ -0,0 +1,113 @@
---
name: Update the software list
on:
push:
branches:
- develop
env:
PIP_CACHE_DIR: ~/.cache/pip
TESTING_BRANCH_BASE: testing/update_software_list
jobs:
setup:
runs-on: ubuntu-latest
outputs:
# Commit author information for git
git_author: ${{ steps.git-config.outputs.author }}
git_email: ${{ steps.git-config.outputs.email }}
git_user: ${{ steps.git-config.outputs.user }}
# The name of the branch used for testing
testing_branch: ${{ steps.testing-branch.outputs.name }}
steps:
- id: git-config
run: |
echo "::set-output name=author::$GIT_USER <$GIT_EMAIL>"
echo "::set-output name=email::$GIT_EMAIL"
echo "::set-output name=user::$GIT_USER"
env:
GIT_EMAIL: ${{ fromJson(secrets.GIT_AUTHOR_INFORMATION).user.email }}
GIT_USER: ${{ fromJson(secrets.GIT_AUTHOR_INFORMATION).user.name }}
- id: testing-branch
run: echo "::set-output name=name::$BASE_BRANCH/$COMMIT_SHA"
env:
BASE_BRANCH: ${{ env.TESTING_BRANCH_BASE }}
COMMIT_SHA: ${{ github.sha }}
generate_list_update:
runs-on: ubuntu-latest
needs: setup
outputs:
# If changes are detected then a commit will have been pushed
updated_list: ${{ steps.commit-for-testing.outputs.changes_detected }}
# Don't run if we're seeing an update push
if: github.actor != needs.setup.outputs.git_user
steps:
- uses: actions/checkout@v2
with:
token: ${{ secrets.CISAGOVBOT_PAT }}
- id: setup-python
uses: actions/setup-python@v2
with:
python-version: "3.10"
- uses: actions/cache@v2
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-"
with:
path: |
${{ env.PIP_CACHE_DIR }}
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('.github/workflows/update_software_list.yml') }}-\
${{ hashFiles('config/requirements.txt') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Update Python base packages
run: python -m pip install --upgrade pip setuptools wheel
- name: Install dependencies
run: pip install --upgrade --requirement config/requirements.txt
- name: Create the branch for test validation
run: git switch --create ${{ needs.setup.outputs.testing_branch }}
- name: Update the comprehensive cisagov YAML file
run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml
- name: Generate a normalized YAML file from all source YAML files
run: normalize-yml data/cisagov.yml > normalized.yml
- name: Generate a Markdown table from the normalized YAML file
run: yml2md normalized.yml > table_data.md
- name: Generate a new software list from the updated data
run: md-from-template config/SOFTWARE-LIST.tpl.md table_data.md > SOFTWARE-LIST.md
- id: commit-for-testing
uses: stefanzweifel/git-auto-commit-action@v4
with:
branch: ${{ needs.setup.outputs.testing_branch }}
commit_message: Update the software list
commit_user_name: ${{ needs.setup.outputs.git_user }}
commit_user_email: ${{ needs.setup.outputs.git_email }}
commit_author: ${{ needs.setup.outputs.git_author }}
file_pattern: SOFTWARE-LIST.md data/cisagov.yml
merge_list_update:
runs-on: ubuntu-latest
needs:
- setup
- generate_list_update
if: needs.generate_list_update.outputs.updated_list == 'true'
steps:
- uses: actions/checkout@v2
with:
token: ${{ secrets.CISAGOVBOT_PAT }}
- name: Configure git
run: |
git config user.name "${{ needs.setup.outputs.git_user }}"
git config user.email "${{ needs.setup.outputs.git_email }}"
- uses: lewagon/wait-on-check-action@v1.0.0
with:
check-name: lint
ref: ${{ needs.setup.outputs.testing_branch }}
repo-token: ${{ github.token }}
- name: Merge the testing branch
run: |
git fetch
git merge origin/${{ needs.setup.outputs.testing_branch }}
git push
- name: Cleanup testing branch
run: git push --delete origin ${{ needs.setup.outputs.testing_branch }}

View file

@ -5,3 +5,6 @@ rules:
# yamllint doesn't like when we use yes and no for true and false,
# but that's pretty standard in Ansible.
truthy: disable
# Enforcing this rule would be complicated for auto-generated data right now.
line-length: disable

View file

@ -0,0 +1,23 @@
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
## Status Descriptions ##
| Status | Description |
| ------ | ----------- |
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
## Software List ##
This list was initially populated using information from the following sources:
- Kevin Beaumont
- SwitHak
NOTE: This file is automatically generated. To submit updates, please refer to
[`CONTRIBUTING.md`](CONTRIBUTING.md).
{{software_markdown_table}}

1
config/requirements.txt Normal file
View file

@ -0,0 +1 @@
https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz

79551
data/cisagov.yml Normal file

File diff suppressed because it is too large Load diff

4995
data/cisagov_A.yml Normal file

File diff suppressed because it is too large Load diff

4274
data/cisagov_B.yml Normal file

File diff suppressed because it is too large Load diff

7343
data/cisagov_C.yml Normal file

File diff suppressed because it is too large Load diff

9992
data/cisagov_D.yml Normal file

File diff suppressed because it is too large Load diff

4762
data/cisagov_E.yml Normal file

File diff suppressed because it is too large Load diff

2095
data/cisagov_F.yml Normal file

File diff suppressed because it is too large Load diff

5164
data/cisagov_G.yml Normal file

File diff suppressed because it is too large Load diff

5961
data/cisagov_H.yml Normal file

File diff suppressed because it is too large Load diff

7006
data/cisagov_I.yml Normal file

File diff suppressed because it is too large Load diff

1767
data/cisagov_J.yml Normal file

File diff suppressed because it is too large Load diff

326
data/cisagov_K.yml Normal file
View file

@ -0,0 +1,326 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: K15t
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://help.k15t.com/k15t-apps-and-log4shell-193401141.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: K6
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Karakun
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://board.karakun.com/viewtopic.php?f=21&t=8351
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Kaseya
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Keeper Security
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: KEMP
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: KEMP 2
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Kofax
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Konica Minolta
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.konicaminolta.de/de-de/support/log4j
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Kronos UKG
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
- vendor: Kyberna
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.kyberna.com/detail/log4j-sicherheitsluecke
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:54+00:00'
...

2984
data/cisagov_L.yml Normal file

File diff suppressed because it is too large Load diff

2821
data/cisagov_M.yml Normal file

File diff suppressed because it is too large Load diff

1817
data/cisagov_N.yml Normal file

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,153 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: 1Password
product: All products
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.1password.com/kb/202112/
notes: ''
references:
- ''
last_updated: '2021-12-23T00:00:00'
- vendor: 2n
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: 3CX
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: 3M Health Information Systems
product: CGS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.3mhis.com/app/account/updates/ri/5210
notes: This advisory is available to customer only and has not been reviewed by
CISA.
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: 7-Zip
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
...

1232
data/cisagov_O.yml Normal file

File diff suppressed because it is too large Load diff

39
data/cisagov_P.yml Normal file
View file

@ -0,0 +1,39 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: PagerDuty
product: PagerDuty SaaS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability
notes: We currently see no evidence of compromises on our platform. Our teams
continue to monitor for new developments and for impacts on sub-processors and
dependent systems. PagerDuty SaaS customers do not need to take any additional
action for their PagerDuty SaaS environment
references:
- ''
last_updated: '2021-12-21T00:00:00'
...

330
data/cisagov_Q.yml Normal file
View file

@ -0,0 +1,330 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: QF-Test
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
- vendor: Qlik
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
- vendor: QMATIC
product: Orchestra Central
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 6.0+
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: ''
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: QMATIC
product: Appointment Booking
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 2.4+
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: Update to v. 2.8.2 which contains log4j 2.16
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: QMATIC
product: Insights
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- Cloud
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: log4j 2.16 applied 2021-12-16
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: QMATIC
product: Appointment Booking
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- Cloud/Managed Service
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
notes: log4j 2.16 applied 2021-12-15
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: QNAP
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qnap.com/en-uk/security-advisory/qsa-21-58
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
- vendor: QOPPA
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
- vendor: QSC Q-SYS
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
- vendor: QT
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
- vendor: Quest Global
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
...

37
data/cisagov_R.yml Normal file
View file

@ -0,0 +1,37 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: Runecast
product: Runecast Analyzer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 6.0.3
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.runecast.com/release-notes
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:55+00:00'
...

8778
data/cisagov_S.yml Normal file

File diff suppressed because it is too large Load diff

3285
data/cisagov_T.yml Normal file

File diff suppressed because it is too large Load diff

272
data/cisagov_U.yml Normal file
View file

@ -0,0 +1,272 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: Ubiquiti
product: UniFi Network Application
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.5.53 & lower versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Ubiquiti
product: UniFi Network Controller
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.5.54 & lower versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
notes: ''
references:
- 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation
for mitigatin log4j vulnerabilities by updating to log4j 2.16.0
last_updated: '2021-12-15T00:00:00'
- vendor: Ubuntu
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://ubuntu.com/security/CVE-2021-44228
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Umbraco
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: UniFlow
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.uniflow.global/en/security/security-and-maintenance/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Unify ATOS
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://networks.unify.com/security/advisories/OBSO-2112-01.pdf
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Unimus
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.unimus.net/viewtopic.php?f=7&t=1390#top
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: UiPath
product: InSights
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- '20.10'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.uipath.com/legal/trust-and-security/cve-2021-44228
notes: ''
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: USSIGNAL MSP
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://ussignal.com/blog/apache-log4j-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
...

2603
data/cisagov_V.yml Normal file

File diff suppressed because it is too large Load diff

446
data/cisagov_W.yml Normal file
View file

@ -0,0 +1,446 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: WAGO
product: WAGO Smart Script
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 4.2.x < 4.8.1.3
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.wago.com/de/automatisierungstechnik/psirt#log4j
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: Wallarm
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://lab.wallarm.com/cve-2021-44228-mitigation-update/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Wasp Barcode technologies
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: WatchGuard
product: Secplicity
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Western Digital
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: WIBU Systems
product: CodeMeter Keyring for TIA Portal
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 1.30 and prior
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
notes: Only the Password Manager is affected
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: WIBU Systems
product: CodeMeter Cloud Lite
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 2.2 and prior
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: WindRiver
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: WireShark
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://gitlab.com/wireshark/wireshark/-/issues/17783
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Wistia
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://status.wistia.com/incidents/jtg0dfl5l224
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: WitFoo
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: WordPress
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Worksphere
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Wowza
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: WSO2
product: WSO2 Enterprise Integrator
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 6.1.0 and above
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://docs.wso2.com/pages/viewpage.action?pageId=180948677
notes: A temporary mitigation is available while vendor works on update
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
...

651
data/cisagov_X.yml Normal file
View file

@ -0,0 +1,651 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: XCP-ng
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: XenForo
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Xerox
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: XPertDoc
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: XPLG
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: XWIKI
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Xylem
product: Aquatalk
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Avensor
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Analytics
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Automation Control Configuration change complete
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Cathodic Protection Mitigation in process Mitigation in process
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus FieldLogic LogServer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus Lighting Control
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus NetMetrics Configuration change complete
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus RNI Saas
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 4.7 through 4.10
- 4.4 through 4.6
- '4.2'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus RNI On Prem
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 4.7 through 4.10
- 4.4 through 4.6
- '4.2'
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Sensus SCS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Smart Irrigation
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Water Loss Management (Visenti)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Configuration change complete
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Xylem Cloud
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Xylem
product: Xylem Edge Gateway (xGW)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
...

123
data/cisagov_Y.yml Normal file
View file

@ -0,0 +1,123 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: Yellowbrick
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: YellowFin
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: YOKOGAWA
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/
notes: ''
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: YSoft SAFEQ
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
...

477
data/cisagov_Z.yml Normal file
View file

@ -0,0 +1,477 @@
---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: Zabbix
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: ZAMMAD
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zaproxy
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zebra
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zendesk
product: All Products
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- All Versions
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.zendesk.com/hc/en-us/articles/4413583476122
notes: Zendesk products are all cloud-based; thus there are no updates for the
customers to install as the company is working on patching their infrastructure
and systems.
references:
- ''
last_updated: '2021-12-13T00:00:00'
- vendor: Zenoss
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.zenoss.com/hc/en-us
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zentera Systems, Inc.
product: CoIP Access Platform
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: Zerto
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://help.zerto.com/kb/000004822
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zesty
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.zesty.io/mindshare/company-announcements/log4j-exploit/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zimbra
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://bugzilla.zimbra.com/show_bug.cgi?id=109428
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zix
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://status.appriver.com/
notes: ''
references:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: Zoom
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: ZPE systems Inc
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zscaler
product: See Link (Multiple Products)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://trust.zscaler.com/posts/9581
notes: ''
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Zyxel
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:56+00:00'
- vendor: Zyxel
product: Security Firewall/Gateways
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ZLD Firmware Security Services
- Nebula
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability
notes: ''
references:
- ''
last_updated: '2021-12-14T00:00:00'
...