From d16ba65edd6bbe174279eee8173bec5be118a60d Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 21 Dec 2021 23:23:16 -0500 Subject: [PATCH] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index f13f350..6af573c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -423,12 +423,18 @@ This list was initially populated using information from the following sources: | Cisco | duo network gateway (on-prem/self-hosted) | | Under Investigation | | | | | | | Cisco | Exony Virtualized Interaction Manager (VIM) | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | Under Investigation | | [Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | | -| Citrix | | | | | [Cirtix Article](https://support.citrix.com/article/CTX335705) | | | | -| Citrix | Citrix ADC | | Under Investigation | | [https://support.citrix.com/article/CTX335705](https://support.citrix.com/article/CTX335705) | | | | -| Citrix | Citrix Endpoint Management | | Under Investigation | | [https://support.citrix.com/article/CTX335705](https://support.citrix.com/article/CTX335705) | | | | -| Citrix | Citrix Gateway | | Under Investigation | | [https://support.citrix.com/article/CTX335705](https://support.citrix.com/article/CTX335705) | | | | -| Citrix | Citrix SD-WAN | | Under Investigation | | [https://support.citrix.com/article/CTX335705](https://support.citrix.com/article/CTX335705) | | | | -| Citrix | Citrix Virtual Apps and Desktops | | Under Investigation | | [https://support.citrix.com/article/CTX335705](https://support.citrix.com/article/CTX335705) | | | | +| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | All Platforms | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix Application Delivery Management (NetScaler MAS) | All Platforms | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix Cloud Connector | | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix Connector Appliance for Cloud Services | | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | Affected | Yes | [Citrix Statement](https://support.citrix.com/article/CTX335705) | For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | | 12/21/2021 | +| Citrix | Citrix Hypervisor (XenServer) | | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix License Server | | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix SD-WAN | All Platforms | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | ShareFile Storage Zones Controller | | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | +| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for additional mitigations. For CVE-2021-45105: Investigation has shown that Linux VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: Linux VDA LTSR all versions; All other CVAD components. | | 12/21/2021 | +| Citrix | Citrix Workspace App | All Platforms | Not Affected | | [Citrix Statement](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | 12/21/2021 | | Claris | | | | | [Claris Article](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | | | Cloudera | AM2CM Tool | | Not Affected | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | | | Cloudera | Ambari | Only versions 2.x, 1.x | Affected | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |