Merge pull request #433 from cisagov/improvement/switch_to_yaml_files

Migrate to using YAML files to store product information
2024-11-22 16:40:48 +00:00 · 2022-01-12 15:53:10 -05:00 · 2022-01-12 15:53:10 -05:00 · cadf052d3b
commit cadf052d3b
parent 404dec8aa2 11da8a796f
34 changed files with 159424 additions and 46 deletions
--- a/.github/ISSUE_TEMPLATE/product-submission-form.yml
+++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml
@ -27,30 +27,6 @@ body:
      placeholder: v2; 1.5; >3; >=4; >5, <6; etc.
    validations:
      required: true
  - type: dropdown
    id: product-status
    attributes:
      label: Product status
      description: What is the current status of the affected product?
      options:
        - Unknown
        - Affected
        - Not Affected
        - Fixed
        - Under Investigation
    validations:
      required: true
  - type: markdown
    attributes:
      value: |
        Please use the information below when selecting a status.
        - Unknown - Status unknown. Default choice.
        - Affected - Reported to be affected by CVE-2021-44228.
        - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no
          further action necessary.
        - Fixed - Patch and/or mitigations available (see provided links).
        - Under Investigation - Vendor investigating status.
  - type: dropdown
    id: product-updated
    attributes:
--- a/.github/ISSUE_TEMPLATE/product-update-form.yml
+++ b/.github/ISSUE_TEMPLATE/product-update-form.yml
@ -29,28 +29,6 @@ body:
    attributes:
      label: Product version(s)
      description: What version(s) of the product are affected?
  - type: dropdown
    id: product-status
    attributes:
      label: Product status
      description: What is the current status of the affected product?
      options:
        - Unknown
        - Affected
        - Not Affected
        - Fixed
        - Under Investigation
  - type: markdown
    attributes:
      value: |
        Please use the information below when selecting a status.
        - Unknown - Status unknown. Default choice.
        - Affected - Reported to be affected by CVE-2021-44228.
        - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no
          further action necessary.
        - Fixed - Patch and/or mitigations available (see provided links).
        - Under Investigation - Vendor investigating status.
  - type: dropdown
    id: product-updated
    attributes:
--- a/.github/workflows/update_software_list.yml
+++ b/.github/workflows/update_software_list.yml
@ -0,0 +1,113 @@
 ---
 name: Update the software list
 on:
  push:
    branches:
      - develop
 env:
  PIP_CACHE_DIR: ~/.cache/pip
  TESTING_BRANCH_BASE: testing/update_software_list
 jobs:
  setup:
    runs-on: ubuntu-latest
    outputs:
      # Commit author information for git
      git_author: ${{ steps.git-config.outputs.author }}
      git_email: ${{ steps.git-config.outputs.email }}
      git_user: ${{ steps.git-config.outputs.user }}
      # The name of the branch used for testing
      testing_branch: ${{ steps.testing-branch.outputs.name }}
    steps:
      - id: git-config
        run: |
          echo "::set-output name=author::$GIT_USER <$GIT_EMAIL>"
          echo "::set-output name=email::$GIT_EMAIL"
          echo "::set-output name=user::$GIT_USER"
        env:
          GIT_EMAIL: ${{ fromJson(secrets.GIT_AUTHOR_INFORMATION).user.email }}
          GIT_USER: ${{ fromJson(secrets.GIT_AUTHOR_INFORMATION).user.name }}
      - id: testing-branch
        run: echo "::set-output name=name::$BASE_BRANCH/$COMMIT_SHA"
        env:
          BASE_BRANCH: ${{ env.TESTING_BRANCH_BASE }}
          COMMIT_SHA: ${{ github.sha }}
  generate_list_update:
    runs-on: ubuntu-latest
    needs: setup
    outputs:
      # If changes are detected then a commit will have been pushed
      updated_list: ${{ steps.commit-for-testing.outputs.changes_detected }}
    # Don't run if we're seeing an update push
    if: github.actor != needs.setup.outputs.git_user
    steps:
      - uses: actions/checkout@v2
        with:
          token: ${{ secrets.CISAGOVBOT_PAT }}
      - id: setup-python
        uses: actions/setup-python@v2
        with:
          python-version: "3.10"
      - uses: actions/cache@v2
        env:
          BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
            py${{ steps.setup-python.outputs.python-version }}-"
        with:
          path: |
            ${{ env.PIP_CACHE_DIR }}
          key: "${{ env.BASE_CACHE_KEY }}\
            ${{ hashFiles('.github/workflows/update_software_list.yml') }}-\
            ${{ hashFiles('config/requirements.txt') }}"
          restore-keys: |
            ${{ env.BASE_CACHE_KEY }}
      - name: Update Python base packages
        run: python -m pip install --upgrade pip setuptools wheel
      - name: Install dependencies
        run: pip install --upgrade --requirement config/requirements.txt
      - name: Create the branch for test validation
        run: git switch --create ${{ needs.setup.outputs.testing_branch }}
      - name: Update the comprehensive cisagov YAML file
        run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml
      - name: Generate a normalized YAML file from all source YAML files
        run: normalize-yml data/cisagov.yml > normalized.yml
      - name: Generate a Markdown table from the normalized YAML file
        run: yml2md normalized.yml > table_data.md
      - name: Generate a new software list from the updated data
        run: md-from-template config/SOFTWARE-LIST.tpl.md table_data.md > SOFTWARE-LIST.md
      - id: commit-for-testing
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          branch: ${{ needs.setup.outputs.testing_branch }}
          commit_message: Update the software list
          commit_user_name: ${{ needs.setup.outputs.git_user }}
          commit_user_email: ${{ needs.setup.outputs.git_email }}
          commit_author: ${{ needs.setup.outputs.git_author }}
          file_pattern: SOFTWARE-LIST.md data/cisagov.yml
  merge_list_update:
    runs-on: ubuntu-latest
    needs:
      - setup
      - generate_list_update
    if: needs.generate_list_update.outputs.updated_list == 'true'
    steps:
      - uses: actions/checkout@v2
        with:
          token: ${{ secrets.CISAGOVBOT_PAT }}
      - name: Configure git
        run: |
          git config user.name "${{ needs.setup.outputs.git_user }}"
          git config user.email "${{ needs.setup.outputs.git_email }}"
      - uses: lewagon/wait-on-check-action@v1.0.0
        with:
          check-name: lint
          ref: ${{ needs.setup.outputs.testing_branch }}
          repo-token: ${{ github.token }}
      - name: Merge the testing branch
        run: |
          git fetch
          git merge origin/${{ needs.setup.outputs.testing_branch }}
          git push
      - name: Cleanup testing branch
        run: git push --delete origin ${{ needs.setup.outputs.testing_branch }}
--- a/.yamllint
+++ b/.yamllint
@ -5,3 +5,6 @@ rules:
  # yamllint doesn't like when we use yes and no for true and false,
  # but that's pretty standard in Ansible.
  truthy: disable
  # Enforcing this rule would be complicated for auto-generated data right now.
  line-length: disable
--- a/config/SOFTWARE-LIST.tpl.md
+++ b/config/SOFTWARE-LIST.tpl.md
@ -0,0 +1,23 @@
 # CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
 ## Status Descriptions ##
 | Status | Description |
 | ------ | ----------- |
 | Unknown | Status unknown. Default choice. |
 | Affected | Reported to be affected by CVE-2021-44228. |
 | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
 | Fixed | Patch and/or mitigations available (see provided links). |
 | Under Investigation | Vendor investigating status. |
 ## Software List ##
 This list was initially populated using information from the following sources:
 - Kevin Beaumont
 - SwitHak
 NOTE: This file is automatically generated. To submit updates, please refer to
 [`CONTRIBUTING.md`](CONTRIBUTING.md).
 {{software_markdown_table}}
--- a/config/requirements.txt
+++ b/config/requirements.txt
@ -0,0 +1 @@
 https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz
--- a/data/cisagov.yml
+++ b/data/cisagov.yml
--- a/data/cisagov_A.yml
+++ b/data/cisagov_A.yml
--- a/data/cisagov_B.yml
+++ b/data/cisagov_B.yml
--- a/data/cisagov_C.yml
+++ b/data/cisagov_C.yml
--- a/data/cisagov_D.yml
+++ b/data/cisagov_D.yml
--- a/data/cisagov_E.yml
+++ b/data/cisagov_E.yml
--- a/data/cisagov_F.yml
+++ b/data/cisagov_F.yml
--- a/data/cisagov_G.yml
+++ b/data/cisagov_G.yml
--- a/data/cisagov_H.yml
+++ b/data/cisagov_H.yml
--- a/data/cisagov_I.yml
+++ b/data/cisagov_I.yml
--- a/data/cisagov_J.yml
+++ b/data/cisagov_J.yml
--- a/data/cisagov_K.yml
+++ b/data/cisagov_K.yml
@ -0,0 +1,326 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: K15t
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: K6
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Karakun
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://board.karakun.com/viewtopic.php?f=21&t=8351
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Kaseya
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Keeper Security
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: KEMP
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: KEMP 2
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Kofax
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Konica Minolta
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.konicaminolta.de/de-de/support/log4j
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Kronos UKG
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
  - vendor: Kyberna
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.kyberna.com/detail/log4j-sicherheitsluecke
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
 ...
--- a/data/cisagov_L.yml
+++ b/data/cisagov_L.yml
--- a/data/cisagov_M.yml
+++ b/data/cisagov_M.yml
--- a/data/cisagov_N.yml
+++ b/data/cisagov_N.yml
--- a/data/cisagov_Non-Alphabet.yml
+++ b/data/cisagov_Non-Alphabet.yml
@ -0,0 +1,153 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: 1Password
    product: All products
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.1password.com/kb/202112/
    notes: ''
    references:
      - ''
    last_updated: '2021-12-23T00:00:00'
  - vendor: 2n
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: 3CX
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: 3M Health Information Systems
    product: CGS
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.3mhis.com/app/account/updates/ri/5210
    notes: This advisory is available to customer only and has not been reviewed by
      CISA.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
  - vendor: 7-Zip
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
 ...
--- a/data/cisagov_O.yml
+++ b/data/cisagov_O.yml
--- a/data/cisagov_P.yml
+++ b/data/cisagov_P.yml
@ -0,0 +1,39 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: PagerDuty
    product: PagerDuty SaaS
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability
    notes: We currently see no evidence of compromises on our platform. Our teams
      continue to monitor for new developments and for impacts on sub-processors and
      dependent systems. PagerDuty SaaS customers do not need to take any additional
      action for their PagerDuty SaaS environment
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
 ...
--- a/data/cisagov_Q.yml
+++ b/data/cisagov_Q.yml
@ -0,0 +1,330 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: QF-Test
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
  - vendor: Qlik
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
  - vendor: QMATIC
    product: Orchestra Central
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions: []
        unaffected_versions:
          - 6.0+
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
    notes: ''
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
  - vendor: QMATIC
    product: Appointment Booking
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 2.4+
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
    notes: Update to v. 2.8.2 which contains log4j 2.16
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
  - vendor: QMATIC
    product: Insights
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - Cloud
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
    notes: log4j 2.16 applied 2021-12-16
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
  - vendor: QMATIC
    product: Appointment Booking
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - Cloud/Managed Service
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability
    notes: log4j 2.16 applied 2021-12-15
    references:
      - ''
    last_updated: '2021-12-21T00:00:00'
  - vendor: QNAP
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qnap.com/en-uk/security-advisory/qsa-21-58
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
  - vendor: QOPPA
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
  - vendor: QSC Q-SYS
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
  - vendor: QT
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
  - vendor: Quest Global
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
 ...
--- a/data/cisagov_R.yml
+++ b/data/cisagov_R.yml
@ -0,0 +1,37 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: Runecast
    product: Runecast Analyzer
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions:
          - 6.0.3
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.runecast.com/release-notes
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:55+00:00'
 ...
--- a/data/cisagov_S.yml
+++ b/data/cisagov_S.yml
--- a/data/cisagov_T.yml
+++ b/data/cisagov_T.yml
--- a/data/cisagov_U.yml
+++ b/data/cisagov_U.yml
@ -0,0 +1,272 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: Ubiquiti
    product: UniFi Network Application
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 6.5.53 & lower versions
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Ubiquiti
    product: UniFi Network Controller
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 6.5.54 & lower versions
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e
    notes: ''
    references:
      - 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation
        for mitigatin log4j vulnerabilities by updating to log4j 2.16.0
    last_updated: '2021-12-15T00:00:00'
  - vendor: Ubuntu
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://ubuntu.com/security/CVE-2021-44228
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Umbraco
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: UniFlow
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.uniflow.global/en/security/security-and-maintenance/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Unify ATOS
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Unimus
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: UiPath
    product: InSights
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - '20.10'
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.uipath.com/legal/trust-and-security/cve-2021-44228
    notes: ''
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
  - vendor: USSIGNAL MSP
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://ussignal.com/blog/apache-log4j-vulnerability
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
 ...
--- a/data/cisagov_V.yml
+++ b/data/cisagov_V.yml
--- a/data/cisagov_W.yml
+++ b/data/cisagov_W.yml
@ -0,0 +1,446 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: WAGO
    product: WAGO Smart Script
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 4.2.x < 4.8.1.3
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.wago.com/de/automatisierungstechnik/psirt#log4j
    notes: ''
    references:
      - ''
    last_updated: '2021-12-17T00:00:00'
  - vendor: Wallarm
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://lab.wallarm.com/cve-2021-44228-mitigation-update/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Wasp Barcode technologies
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: WatchGuard
    product: Secplicity
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Western Digital
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: WIBU Systems
    product: CodeMeter Keyring for TIA Portal
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 1.30 and prior
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
    notes: Only the Password Manager is affected
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: WIBU Systems
    product: CodeMeter Cloud Lite
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 2.2 and prior
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: WindRiver
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: WireShark
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://gitlab.com/wireshark/wireshark/-/issues/17783
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Wistia
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://status.wistia.com/incidents/jtg0dfl5l224
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: WitFoo
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: WordPress
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Worksphere
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Wowza
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: WSO2
    product: WSO2 Enterprise Integrator
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 6.1.0 and above
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://docs.wso2.com/pages/viewpage.action?pageId=180948677
    notes: A temporary mitigation is available while vendor works on update
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
 ...
--- a/data/cisagov_X.yml
+++ b/data/cisagov_X.yml
@ -0,0 +1,651 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: XCP-ng
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: XenForo
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Xerox
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: XPertDoc
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: XPLG
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: XWIKI
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Xylem
    product: Aquatalk
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Avensor
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus Analytics
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus Automation Control Configuration change complete
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus Cathodic Protection Mitigation in process Mitigation in process
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus FieldLogic LogServer
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus Lighting Control
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus NetMetrics Configuration change complete
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus RNI Saas
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 4.7 through 4.10
          - 4.4 through 4.6
          - '4.2'
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus RNI On Prem
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - 4.7 through 4.10
          - 4.4 through 4.6
          - '4.2'
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Sensus SCS
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Smart Irrigation
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Water Loss Management (Visenti)
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Configuration change complete
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Xylem Cloud
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: Xylem
    product: Xylem Edge Gateway (xGW)
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
 ...
--- a/data/cisagov_Y.yml
+++ b/data/cisagov_Y.yml
@ -0,0 +1,123 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: Yellowbrick
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: YellowFin
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: YOKOGAWA
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/
    notes: ''
    references:
      - ''
    last_updated: '2021-12-22T00:00:00'
  - vendor: YSoft SAFEQ
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
 ...
--- a/data/cisagov_Z.yml
+++ b/data/cisagov_Z.yml
@ -0,0 +1,477 @@
 ---
 version: '1.0'
 owners:
  - name: cisagov
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: Zabbix
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: ZAMMAD
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zaproxy
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zebra
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zendesk
    product: All Products
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions:
          - All Versions
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.zendesk.com/hc/en-us/articles/4413583476122
    notes: Zendesk products are all cloud-based; thus there are no updates for the
      customers to install as the company is working on patching their infrastructure
      and systems.
    references:
      - ''
    last_updated: '2021-12-13T00:00:00'
  - vendor: Zenoss
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.zenoss.com/hc/en-us
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zentera Systems, Inc.
    product: CoIP Access Platform
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions: []
        unaffected_versions:
          - All
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j
    notes: ''
    references:
      - ''
    last_updated: '2021-12-17T00:00:00'
  - vendor: Zerto
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://help.zerto.com/kb/000004822
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zesty
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.zesty.io/mindshare/company-announcements/log4j-exploit/
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zimbra
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://bugzilla.zimbra.com/show_bug.cgi?id=109428
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zix
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://status.appriver.com/
    notes: ''
    references:
      - ''
    last_updated: '2021-12-16T00:00:00'
  - vendor: Zoom
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: ZPE systems Inc
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zscaler
    product: See Link (Multiple Products)
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://trust.zscaler.com/posts/9581
    notes: ''
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
  - vendor: Zyxel
    product: ''
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
  - vendor: Zyxel
    product: Security Firewall/Gateways
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions: []
        unaffected_versions:
          - ZLD Firmware Security Services
          - Nebula
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability
    notes: ''
    references:
      - ''
    last_updated: '2021-12-14T00:00:00'
 ...
		`@ -0,0 +1 @@`
							`https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz`