From 4efa317cb99ffea80b68380f1ef72c2b9fd0d310 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:35:31 -0500 Subject: [PATCH 1/3] Add Qlik products --- data/cisagov_Q.yml | 934 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 931 insertions(+), 3 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 7062f16..6b70c17 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -4,8 +4,38 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +64,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Qlik - product: '' + product: AIS, including ARC cves: cve-2021-4104: investigated: false @@ -42,10 +72,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -61,7 +122,874 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '6.6.1' + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.10.0' + - '4.10.1' + - '4.10.2' + - '4.11.0' + - '4.11.1' + - '4.12.0' + - '4.12.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - '6.6.1' + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.26.5' + - '5.27.5 - 5.28.2' + - '5.29.4 - 5.30.1' + - '5.31.1' + - '5.31.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.19.1 - 4.27.3' + - '4.23.4' + - '4.32.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'May 2021 release and after' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: From 951c85f25b868c30822602bfdd73d6aaf0e4ddd4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:44:06 -0500 Subject: [PATCH 2/3] Add QNAP products --- data/cisagov_Q.yml | 109 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 100 insertions(+), 9 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 6b70c17..bfe3c24 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -1000,9 +1000,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.4+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.4+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1030,9 +1030,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1060,9 +1060,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1111,7 +1111,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -1119,10 +1179,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1140,7 +1231,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false From 6da80d105a969d55b9607093eebb7e549836d893 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:58:54 -0500 Subject: [PATCH 3/3] Add Quest products --- data/cisagov_Q.yml | 98 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 4 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index bfe3c24..b915cea 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -1259,8 +1259,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1289,7 +1318,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1317,8 +1346,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -1326,10 +1355,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: []