From dd4d70100a258285beff49d1c3a50e77375258a0 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 18 Jan 2022 21:16:08 +0000 Subject: [PATCH] Update the software list --- SOFTWARE-LIST.md | 4 -- data/cisagov.yml | 137 ----------------------------------------------- 2 files changed, 141 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 3cc682e..26429b6 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2026,10 +2026,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Mitel | | | | Unknown | [link](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MMM Group | Control software of all MMM series | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| MobileIron | Core | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Core Connector | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Reporting Database (RDB) | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Sentry | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MongoDB | MongoDB Atlas Search | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 286186c..f1a4797 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -59189,143 +59189,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: MobileIron - product: Core - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Core Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Reporting Database (RDB) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Sentry - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - vendor: MongoDB product: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts)