Merge branch 'develop' into contributing-adjustments

pull/425/head
iainDe 2 years ago committed by GitHub
commit d3709351c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
Changed files: SOFTWARE-LIST.md (34)

@ -885,6 +885,7 @@ This list was initially populated using information from the following sources:
| Digi International | Remote Hub Config Utility | | Not Affected | | [Digi International Advisory Link](https://www.digi.com/resources/security) | | | 12/21/2021 |
| Digicert | | | | | [Digicert Link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | |
| Digital AI | | | | | [Digital AI Article](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | |
| Digital Alert Systems | All | | Not Affected | | [Digital Alert Systems](https://www.digitalalertsystems.com/default-2.htm) | Formerly Monroe Electronics, Inc. | | 01/05/2022 |
| DNSFilter | | | | | [DNSFilter Blog Post](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | |
| Docker | | | | | [Docker Blog Post](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | | | |
| Docusign | | | | | [Docusign Alert](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | |
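Review bot: The Digital Alert Systems row links to `https://www.digitalalertsystems.com/default-2.htm`, which reads like a generic site page rather than a Log4j statement, so the Not Affected status cannot be checked from the link alone. Point the row at the vendor's actual statement if one has a stable URL, and label the link "Digital Alert Systems Advisory Link" to match the Digi International row above it.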
@ -1345,6 +1346,11 @@ This list was initially populated using information from the following sources:
| Hitachi Energy | UNEM | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 |
| Hitachi Energy | UNEM | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. | | 01/05/2022 |
| Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | |
| HMS Industrial Networks AB | Talk2M including M2Web | | Fixed | Yes | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | Cosy, Flexy and Ewon CD | | Not Affected | | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | eCatcher Windows software| | Fixed | Yes | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | eCatcher Mobile applications | | Not Affected | | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | Netbiter Hardware including EC, WS, and LC | | Not Affected | | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | |
| HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
| HP | Teradici EMSDK | < 1.0.6 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
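Review bot: The two HMS Industrial Networks rows marked Fixed (Talk2M including M2Web, and eCatcher Windows software) leave the version cell empty, so a reader cannot tell which release carries the fix. Add the fixed version from the advisory, or put it in the notes cell. The eCatcher Windows row also has `software|` with no space before the cell delimiter, unlike the rows around it, and the HP rows in the same hunk use `2021-12-17` where the rest of the hunk uses `01/05/2022` style dates.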
@ -1742,6 +1748,7 @@ This list was initially populated using information from the following sources:
| Ivanti | | | | | [Ivanti Statement](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | |
| Jamasoftware | | | | | [Jamasoftware Statement](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | |
| Jamf | Jamf Pro | 10.31.0 – 10.34.0 | Affected | Yes | [Mitigating the Apache Log4j 2 Vulnerability](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | |
| Janitza | GridVis | 8.0.82 | Not Affected | | [Janitza Advisory Link](https://www.janitza.com/us/gridvis-download.html) | | | 01/05/2022 |
| Jaspersoft | | | | | [Jaspersoft Statement](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | |
| Jedox | | | | | [Jedox Statement](https://www.jedox.com/en/trust/) | | | |
| Jenkins | CI/CD Core | | Not Affected | | | | | |
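Review bot: The Janitza GridVis row labels its link "Janitza Advisory Link", but the URL is `gridvis-download.html`, a download page. If the Not Affected statement for 8.0.82 lives on that page, say so in the notes cell; otherwise link the statement itself so the status can be verified.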
@ -1965,6 +1972,7 @@ This list was initially populated using information from the following sources:
| McAfee | Web Gateway (MWG) | | Foxed | | [https://kc.mcafee.com/agent/index?page=content&id=SB10377](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | | | 12/20/2021 |
| Medtronic | | | Under Investigation | | [Medtronic Advisory Link](https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html) | | | 12/21/2021 |
| MEINBERG | | | | | [MEINBERG Information](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | |
| MEINBERG | LANTIME and microSync | | Not Affected | | [Meinberg Advisory Link](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | 01/05/2022 |
| Meltano | Meltano | | Not affected | | [Meltano](https://github.com/meltano/meltano) | Project is written in Python | | |
| Memurai | | | | | [Memurai Information](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | |
| MicroFocus | | | | | [MicroFocus Statement](https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228) | | | |
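Review bot: The `MEINBERG | LANTIME and microSync` row sits directly under a vendor-only `MEINBERG` row that points at the same URL, so the vendor now has two entries for one statement. Fold them into a single row that carries the product, status and date. The link text in the second row spells the vendor `Meinberg` while the vendor cell uses `MEINBERG`. Separately, the McAfee Web Gateway row at the top of this hunk has the status `Foxed`, which should read `Fixed`.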
@ -1985,6 +1993,8 @@ This list was initially populated using information from the following sources:
| Mirantis | | | | | [Mirantis Statement](https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md) | | | |
| Miro | | | | | [Miro Log4j Updates](https://miro.com/trust/updates/log4j/) | | | |
| Mitel | | | | | [Mitel Statement](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | |
| MMM Group | Control software of all MMM series | | Not Affected | | [MMM Group Advisory Link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | 01/05/2022 |
| MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | Affected | | [MMM Group Advisory Link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | 01/05/2022 |
| MobileIron | Core | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
| MobileIron | Core Connector | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
| MobileIron | Reporting Database (RDB) | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
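Review bot: The MMM Group RUMED360 row is marked Affected but leaves the version, update and notes cells empty, so it gives an operator nothing to act on. The MobileIron rows below it show the level of detail that is useful here: state whether an update or mitigation exists and which versions are in scope, taken from the linked advisory.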
@ -2007,6 +2017,7 @@ This list was initially populated using information from the following sources:
| N-able | | | | | [N-able Statement](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | |
| Nagios | | | | | [Nagios Statement](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | |
| NAKIVO | | | | | [NAKIVO Statement](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | |
| National Instruments | OptimalPlus | | Affected | | [National Instruments Advisory Link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Veritas, Cloudera, or Logstash) Contact Technical Support | | 01/05/2022 |
| Neo4j | Neo4j Graph Database| Version >4.2, <4..2.12 | Affected | No | | | | 12/13/2021|
| Netapp | Multiple NetApp products | | Affected | | [https://security.netapp.com/advisory/ntap-20211210-0007/](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | |
| Netcup | | | | | [Netcup Statement](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | |
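Review bot: The Neo4j row in this hunk gives the version range as `>4.2, <4..2.12`, with a doubled dot that makes the upper bound ambiguous (presumably `<4.2.12`, to be confirmed against the vendor), and it has no vendor link at all. In the National Instruments row, the parenthetical "(Limited to deployments running Veritas, Cloudera, or Logstash)" qualifies the Affected status and would read more clearly as a full sentence in the notes cell.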
@ -2428,13 +2439,17 @@ This list was initially populated using information from the following sources:
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | |
| Sierra Wireless | AM/AMM servers | | Affected | No | [Sierra Wireless Advisory Link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | 01/05/2022 |
| Sierra Wireless | AirVantage and Octave cloud platforms | | Affected | No | [Sierra Wireless Advisory Link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) |These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | 01/05/2022 |
| Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | |
| Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 |
| SingleWire | | | | | [SingleWire Support Link](https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228) |This advisory is available to customers only and has not been reviewed by CISA | | |
| SISCO | | | Not Affected | | [SISCO Advisory Link](https://sisconet.com/sisco-news/log4j/) | | | 01/05/2022 |
| Sitecore | | | | | [Sitecore Support Link](https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391) | | | |
| Skillable | | | | | [Skillable Link](https://skillable.com/log4shell/) | | | |
| SLF4J | | | | | [SLF4J Link](http://slf4j.org/log4shell.html) | | | |
| Slurm | Slurm | 20.11.8 | Not Affected | | [https://slurm.schedmd.com/documentation.html](https://slurm.schedmd.com/documentation.html) | | | 12/21/2021 |
| SMA Solar Technology AG | | | Affected | No | [SMA Advisory Link](https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540) | | | 01/05/2022 |
| SmartBear | | | | | [SmartBear Link](https://smartbear.com/security/cve-2021-44228/) | | | |
| SmileCDR | | | | | [SmileCDR Blog Post](https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228) | | | |
| Snakemake | Snakemake | 6.12.1 | Not Affected | | [https://snakemake.readthedocs.io/en/stable/](https://snakemake.readthedocs.io/en/stable/) | | | 12/21/2021 |
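Review bot: The notes cell of the `AirVantage and Octave cloud platforms` row cites CVE-2021-25046, which does not match the CVE-2021-45046 identifier used elsewhere in this list (the Splunk row) and looks like transposed digits; check it against the Sierra Wireless bulletin. The same row is marked Affected while its note says the systems "were not vulnerable", so the note should say which CVE the Affected status refers to. The Sierra Wireless product rows also follow a vendor-only row for the same bulletin, and their links carry a `#sthash.iT98k4HP.dpbs` fragment (the SMA link likewise carries a `?_ga=` parameter); these look like tracking residue and can be dropped from the URLs.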
@ -2480,6 +2495,25 @@ This list was initially populated using information from the following sources:
| Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | No | [Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | | 12/12/2021 |
| Sophos | Sophos ZTNA | | Not Affected | | [Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | Sophos ZTNA does not use Log4j. | | 12/12/2021 |
| SOS Berlin | | | | | [SOS Berlin Link](https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability) | | | |
| Spacelabs Healthcare | XprezzNet | 96190 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) Clinical Access Workstations | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Xhibit Telemetry Receiver (XTR) | 96280 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Xhibit, XC4 | Xhibit 96102, XC4 96501 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Xprezzon | 91393 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Qube | 91390 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Qube Mini | 91389 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Ultraview SL | 91367, 91369, 91370, and 91387 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | DM3 and DM4 Monitors | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Sentinel | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Pathfinder SL | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Lifescreen Pro | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | EVO | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Eclipse Pro | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | CardioExpress | SL6A, SL12A, and SL18A | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | ABP | OnTrak, 90217A, and 90207 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Spacelabs Cloud | | Under Investigation | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | SafeNSound | 4.3.1 | Fixed | Yes | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | Version >4.3.1 - Not Affected | | 01/05/2022 |
| Spambrella | | | | | [Spambrella FAQ Link](https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/) | | | |
| Spigot | | | | | [Spigot Security Release](https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/) | | | |
| Splunk | Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) | 5.2.0 and older | Affected | CVE-2021-44228: 5.2.1 CVE-2021-45046: 5.2.2 CVE-2021-45105: not applicable due to configuration parameters | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046)](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 8:20 am PT, 12/30/21 |
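Review bot: The Spacelabs SafeNSound row is ambiguous: the version cell says `4.3.1`, the status is Fixed, and the note says "Version >4.3.1 - Not Affected". It is unclear whether 4.3.1 is the affected release or the one that contains the fix. Write the version cell as a range (the affected versions) and name the fixed release in the update or notes cell. The other Spacelabs rows put model numbers such as `96190` and `91393` in the version cell, which is worth a word in the notes so they are not read as software versions.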
