From cdc5a681821688067eed1f12f255f337b55ee2bc Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:31:24 +0000 Subject: [PATCH] Update the software list --- SOFTWARE-LIST.md | 40 +++++------ data/cisagov.yml | 142 +++++++++++++++++++++++---------------- data/cisagov_S.yml | 161 ++++++++++++++++++++++----------------------- 3 files changed, 184 insertions(+), 159 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 231f55a..b6abc74 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2422,27 +2422,27 @@ NOTE: This file is automatically generated. To submit updates, please refer to | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAGE | | | | Unknown | [link](https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SailPoint | | | | Unknown | [link](https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Analytics Cloud is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Community Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Salesforce | DataLoader | | <=53.0.0 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Heroku is reported to not be affected by CVE-2021-44228; no further action is necessary at this time." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Marketing Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Pardot is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Sales Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Service Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Slack is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Fixed in 2021.4.1 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Experience (Community) Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 371fd39..ee8532d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -70975,9 +70975,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services - have been updated to mitigate the issues identified in CVE-2021-44228 and we - are executing our final validation steps."' + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71006,8 +71006,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The - service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71036,8 +71037,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. - The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71066,12 +71068,15 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Community Cloud + product: Data.com cves: cve-2021-4104: investigated: false @@ -71095,13 +71100,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Data.com + product: DataLoader cves: cve-2021-4104: investigated: false @@ -71109,9 +71115,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <=53.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -71124,15 +71131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-22T00:00:00' - vendor: Salesforce - product: DataLoader + product: Datorama cves: cve-2021-4104: investigated: false @@ -71140,10 +71145,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - <=53.0.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71156,13 +71160,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Datorama + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -71186,14 +71192,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Evergage (Interaction Studio) + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -71217,9 +71223,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. - Services have been updated to mitigate the issues identified in CVE-2021-44228 - and we are executing our final validation steps."' + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71248,8 +71254,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is - being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71278,8 +71288,8 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action - is necessary at this time."' + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71308,8 +71318,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71338,8 +71350,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71368,7 +71382,11 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71397,8 +71415,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being - updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71427,8 +71446,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71457,8 +71477,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71487,9 +71508,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a - mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71518,9 +71540,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service - has a mitigation in place and is being updated to remediate the vulnerability - identified in CVE-2021-44228."' + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71550,7 +71572,10 @@ software: unaffected_versions: [] vendor_links: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Fixed in 2021.4.1 + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -71579,8 +71604,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 4810e97..ed1e576 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -146,9 +146,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -177,9 +177,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -208,10 +208,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 - and CVE-2021-45046. Salesforce-owned services and third-party vendors - have been patched to address the issues currently identified in - CVE-2021-44228 and CVE-2021-45046. + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -241,14 +240,14 @@ software: vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address the - issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details - are available here. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Experience (Community) Cloud + product: Data.com cves: cve-2021-4104: investigated: false @@ -272,14 +271,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Data.com + product: DataLoader cves: cve-2021-4104: investigated: false @@ -287,9 +286,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <=53.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -302,15 +302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-22T00:00:00' - vendor: Salesforce - product: DataLoader + product: Datorama cves: cve-2021-4104: investigated: false @@ -318,10 +316,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - <=53.0.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -334,13 +331,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Datorama + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -364,14 +363,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Evergage (Interaction Studio) + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -395,9 +394,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -426,13 +425,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - The Data Loader tool has been patched to address the issues currently identified - in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader - version 53.0.2 or later. Follow the steps described here to download the latest - version of Data Loader. + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' last_updated: '2021-12-15T00:00:00' @@ -461,8 +459,8 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Heroku is reported to not be affected by the issues currently - identified in CVE-2021-44228 or CVE-2021-45046. + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -491,10 +489,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Salesforce-owned services within Marketing Cloud are not affected - by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. - Third-party vendors have been patched to address the security issues currently - identified in CVE-2021-44228 or CVE-2021-45046. + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -523,10 +521,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. - Mulesoft services, including dataloader.io, have been updated to mitigate - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Please see additional details here. + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -556,10 +554,10 @@ software: vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors, including Private Cloud - Edition (PCE) and Anypoint Studio, have a mitigation in place to address the - issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Please see additional details here. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -588,9 +586,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -619,9 +617,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -650,9 +648,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -681,10 +679,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. - Additional details are available here. + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -713,9 +711,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -747,7 +745,8 @@ software: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and - CVE-2021-45046 are available for download. Additional details are available here. + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -776,9 +775,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. - Services have been patched to mitigate the issues currently identified in - both CVE-2021-44228 and CVE-2021-45046. + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00'