mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-25 01:40:47 +00:00
Update the software list
This commit is contained in:
parent
86ca7cdb73
commit
e3e8cef63f
2 changed files with 103 additions and 6 deletions
|
@ -1746,7 +1746,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| Illumio | VEN | | | Unknown | [link](https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
|
||||
| IManage | | | | Unknown | [link](https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Imperva | | | | Unknown | [link](https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Inductive Automation | | | | Unknown | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Inductive Automation | Ignition | | | Not Affected | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
|
||||
| IndustrialDefender | | | | Unknown | [link](https://www.industrialdefender.com/cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| infinidat | | | | Unknown | [link](https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| InfluxData | | | | Unknown | [link](https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
|
@ -2103,6 +2103,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| Moodle | | | | Unknown | [link](https://moodle.org/mod/forum/discuss.php?d=429966) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| MoogSoft | | | | Unknown | [link](https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Motorola Avigilon | | | | Unknown | [link](https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Moxa | | | | Not Affected | [link](https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability) | Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
|
||||
| Mulesoft | | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Mulesoft | Anypoint Studio | 7.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
|
||||
| Mulesoft | Cloudhub | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
|
||||
|
@ -2631,6 +2632,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| TPLink | Omega Controller | Linux/Windows(all) | | Affected | [link](https://www.tp-link.com/us/support/faq/3255) | Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 | [Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
|
||||
| TrendMicro | All | | | Unknown | [link](https://success.trendmicro.com/solution/000289940) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Tricentis Tosca | | | | Unknown | [link](https://support-hub.tricentis.com/open?number=NEW0001148&id=post) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Tridium | | | | Unknown | [link](https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf) | Document access requires authentication. CISA is not able to validate vulnerability status. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
|
||||
| Trimble | eCognition | 10.2.0 Build 4618 | | Affected | | Remediation steps provided by Trimble | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
|
||||
| Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 |
|
||||
| Tripp Lite | PowerAlert Local (PAL) | | | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 |
|
||||
|
@ -2699,6 +2701,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
|
|||
| Venafi | | | | Unknown | [link](https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Veritas NetBackup | | | | Unknown | [link](https://www.veritas.com/content/support/en_US/article.100052070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Vertica | | | | Unknown | [link](https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| Video Insight Inc. | Video Insight | | | Not Affected | [link](https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability) | Video Insight is a part of Panasonic I-Pro. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
|
||||
| Viso Trust | | | | Unknown | [link](https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||||
| VMware | API Portal for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
|
||||
| VMware | App Metrics | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
|
||||
|
|
104
data/cisagov.yml
104
data/cisagov.yml
|
@ -50987,7 +50987,7 @@ software:
|
|||
- ''
|
||||
last_updated: '2022-01-12T07:18:53+00:00'
|
||||
- vendor: Inductive Automation
|
||||
product: ''
|
||||
product: Ignition
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: false
|
||||
|
@ -50995,10 +50995,11 @@ software:
|
|||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: false
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
unaffected_versions:
|
||||
- All
|
||||
cve-2021-45046:
|
||||
investigated: false
|
||||
affected_versions: []
|
||||
|
@ -51011,10 +51012,11 @@ software:
|
|||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day
|
||||
notes: ''
|
||||
notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but
|
||||
they used an older version (1.2) that was not affected by this vulnerability.
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-12T07:18:53+00:00'
|
||||
last_updated: '2022-01-19T00:00:00'
|
||||
- vendor: IndustrialDefender
|
||||
product: ''
|
||||
cves:
|
||||
|
@ -61496,6 +61498,38 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-12T07:18:54+00:00'
|
||||
- vendor: Moxa
|
||||
product: ''
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions:
|
||||
- All
|
||||
cve-2021-45046:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability
|
||||
notes: Moxa is investigating to determine if any of our products are affected
|
||||
by this vulnerability. At the time of publication, none of Moxa's products are
|
||||
affected.
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-19T00:00:00'
|
||||
- vendor: Mulesoft
|
||||
product: ''
|
||||
cves:
|
||||
|
@ -77172,6 +77206,36 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-12T07:18:56+00:00'
|
||||
- vendor: Tridium
|
||||
product: ''
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45046:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf
|
||||
notes: Document access requires authentication. CISA is not able to validate vulnerability
|
||||
status.
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-19T00:00:00'
|
||||
- vendor: Trimble
|
||||
product: eCognition
|
||||
cves:
|
||||
|
@ -79196,6 +79260,36 @@ software:
|
|||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-12T07:18:56+00:00'
|
||||
- vendor: Video Insight Inc.
|
||||
product: Video Insight
|
||||
cves:
|
||||
cve-2021-4104:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-44228:
|
||||
investigated: true
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions:
|
||||
- All
|
||||
cve-2021-45046:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
cve-2021-45105:
|
||||
investigated: ''
|
||||
affected_versions: []
|
||||
fixed_versions: []
|
||||
unaffected_versions: []
|
||||
vendor_links:
|
||||
- https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability
|
||||
notes: Video Insight is a part of Panasonic I-Pro.
|
||||
references:
|
||||
- ''
|
||||
last_updated: '2022-01-19T00:00:00'
|
||||
- vendor: Viso Trust
|
||||
product: ''
|
||||
cves:
|
||||
|
|
Loading…
Reference in a new issue