From 7e47aa042993f9d08bb03b3d7b9f9de95a084331 Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Wed, 12 Jan 2022 17:38:52 -0600 Subject: [PATCH 01/25] Update cisagov_N.yml - Updated status of NI Products - fixed typo in 'notes' - removed duplicate entry --- data/cisagov_N.yml | 39 +++++---------------------------------- 1 file changed, 5 insertions(+), 34 deletions(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 89aad2e..bd3a085 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -95,28 +95,28 @@ software: product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support references: - '' 
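Review bot: In PATCH 01/25 the first hunk sets `investigated: true` for all four CVEs on the OptimalPlus entry but leaves `affected_versions`, `fixed_versions` and `unaffected_versions` as `[]`, so the result of the investigation exists only in the free-text `notes`. Tools that derive a status from the version lists would presumably still report this product as unknown. Each investigated CVE should carry a quoted item in whichever list applies, for example `- 'All'`. The first hunk of PATCH 16/25 (`@@ -548,7 +548,7 @@` in data/cisagov_M.yml) has the same pattern for cve-2021-44228.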
@@ -417,35 +417,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NI (National Instruments) - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Nice Software (AWS) EnginFRAME product: '' cves: From a506e9ce192345f43542c38eec2b6b894fd06113 Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:05:51 -0600 Subject: [PATCH 02/25] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index bd3a085..64cf7f5 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -96,7 +96,8 @@ software: cves: cve-2021-4104: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-44228: From ca1df74416c5f55d239cd5fe2a76196592e44a8a Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:06:16 -0600 Subject: [PATCH 03/25] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
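Review bot: In PATCH 02/25 the added line `-Limited to deployments running Vertica, Cloudera, or Logstash` has no space after the dash, so YAML reads it as a plain string rather than a one-element list under `affected_versions`; PATCH 03/25, 04/25 and 05/25 add the same line for the other three CVEs. The regenerated SOFTWARE-LIST.md row in PATCH 15/25 shows the effect: the value is printed one character at a time and the product is marked Affected. If the qualifier belongs in this field, write it as a quoted list item, `- 'Limited to deployments running Vertica, Cloudera, or Logstash'`. It describes a deployment condition rather than a version, so `affected_versions: []` with the text kept in `notes` may fit the schema better. PATCH 14/25 reverts three of the four occurrences, but the cve-2021-44228 one is still present in the data/cisagov.yml output of PATCH 15/25.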
diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 64cf7f5..2118493 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -102,7 +102,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: From f059c80fec7bb3a675e0437bcd2a29b35ee9d359 Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:06:32 -0600 Subject: [PATCH 04/25] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 2118493..4b8a4b1 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -108,7 +108,8 @@ software: unaffected_versions: [] cve-2021-45046: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45105: From f2d55183123de38175488b38922447f2717432da Mon Sep 17 00:00:00 2001 From: kyle-ni <97638392+kyle-ni@users.noreply.github.com> Date: Fri, 14 Jan 2022 11:06:43 -0600 Subject: [PATCH 05/25] Update data/cisagov_N.yml Co-authored-by: Lcerkov <96153185+Lcerkov@users.noreply.github.com> --- data/cisagov_N.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 4b8a4b1..7f6f34a 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -114,7 +114,8 @@ software: unaffected_versions: [] cve-2021-45105: investigated: true - affected_versions: [] + affected_versions: + -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] vendor_links: From 3f199397f59992de772b8c19ba4dc144f33ab371 Mon Sep 17 00:00:00 2001 
From: Rick van Galen <1130569+DCKcode@users.noreply.github.com> Date: Fri, 14 Jan 2022 17:31:54 -0500 Subject: [PATCH 06/25] Complete data for 1Password --- data/cisagov_Non-Alphabet.yml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 9196061..225c9a9 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -8,31 +8,35 @@ software: product: All products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - >= 1.0.0 cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - >= 1.0.0 cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - >= 1.0.0 cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - >= 1.0.0 vendor_links: - https://support.1password.com/kb/202112/ notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2021-01-14T00:00:00' - vendor: 2n product: '' cves: From b2f1f27d94bc7f9ba9e1743c59c2c567a8e4408a Mon Sep 17 00:00:00 2001 From: Rick van Galen <1130569+DCKcode@users.noreply.github.com> Date: Sat, 15 Jan 2022 16:37:11 -0500 Subject: [PATCH 07/25] Address yaml errors --- data/cisagov_Non-Alphabet.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 225c9a9..d3bbd8f 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml 
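Review bot: In PATCH 06/25 the new `last_updated: '2021-01-14T00:00:00'` is earlier than the value it replaces (`'2021-12-23T00:00:00'`), and its year is 2021 although the commit is dated 14 Jan 2022, so the year looks mistyped. Anyone sorting or filtering entries by `last_updated` to find the most recent vendor statement would rank this 1Password entry as the oldest instead of the newest. Suggested line: `last_updated: '2022-01-14T00:00:00'`. The follow-up patches for this file (07/25 and 08/25) do not touch the timestamp.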
@@ -12,25 +12,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - >= 1.0.0 + - ">= 1.0.0" cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - >= 1.0.0 + - ">= 1.0.0" cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - >= 1.0.0 + - ">= 1.0.0" cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - >= 1.0.0 + - ">= 1.0.0" vendor_links: - https://support.1password.com/kb/202112/ notes: '' From 50a3b88ade8eaca53583d923f9400f3df34807bb Mon Sep 17 00:00:00 2001 From: Rick van Galen <1130569+DCKcode@users.noreply.github.com> Date: Sat, 15 Jan 2022 16:41:07 -0500 Subject: [PATCH 08/25] Better indentation of version ranges --- data/cisagov_Non-Alphabet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index d3bbd8f..f1b793e 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -12,7 +12,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - ">= 1.0.0" + - ">= 1.0.0" cve-2021-44228: investigated: true affected_versions: [] From c05750e2f6d64632ffdb9a7bf27648b8c924ef07 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 11:45:55 -0700 Subject: [PATCH 09/25] Update cisagov_S.yml Added Samsung Electronics America --- data/cisagov_S.yml | 310 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 310 insertions(+) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 1599d02..ca79e4d 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml 
@@ -755,6 +755,316 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + 
unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence + cves: + cve-2021-4104: + 
investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: Sangoma product: '' cves: From f226ef21ca7abbfb2ba1897754a4c9709cb3948c Mon Sep 17 00:00:00 2001 
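Review bot: In PATCH 09/25 the Knox Reseller Portal and Knox Manage entries put `Cloud` under `fixed_versions`, which names a deployment model rather than a release, so a reader cannot compare it with an installed version. If the intent is that the vendor-hosted service was remediated, saying so in `notes` would make that explicit, for example `notes: 'Fix applies to the vendor-hosted cloud service'` (wording to be confirmed against the linked Samsung advisory). All ten added entries also leave cve-2021-4104 and cve-2021-45105 at `investigated: false` while marking the other two CVEs as investigated. It is worth confirming that the advisory really is silent on those two.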
From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 14:13:47 -0700 Subject: [PATCH 10/25] Update cisagov_S.yml found whitespace at the end and removed --- data/cisagov_S.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index ca79e4d..be7667e 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -1064,7 +1064,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' + last_updated: '2022-01-17T00:00:00' - vendor: Sangoma product: '' cves: From c6fcca9b9414d91aa9aa5461a8f91851dbabcf39 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 15:29:30 -0700 Subject: [PATCH 11/25] Update cisagov_V.yml Add VTSada vendor --- data/cisagov_V.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 3a62fe6..bee878a 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -2571,6 +2571,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: Vyaire product: '' cves: From 6ec7fdfb59eb32e3fb89be91d45cad14a2f657af Mon Sep 17 00:00:00 2001 
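Review bot: In PATCH 11/25 three of the four CVE blocks for VTScada set `investigated: ''`, an empty string where the other entries in this series use a boolean. A consumer that validates the field as a boolean will reject or mishandle these rows, and the intent (not investigated versus not applicable) is lost. Use `investigated: false`, or, given the note that Java is not used in the product, `investigated: true` with `unaffected_versions: - 'All'` if the vendor statement supports it. The same empty-string value is added for Atvise in PATCH 12/25 and for the Ivanti products in PATCH 13/25.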
From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 15:47:13 -0700 Subject: [PATCH 12/25] Update cisagov_A.yml Added Atvise vendor --- data/cisagov_A.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 7a6ce38..12c2697 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -3705,6 +3705,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atvise + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen + notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise® solutions. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes product: '' cves: From db9eae4b81add8be9a7089f2424f3b4ad6f0495e Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 16:29:01 -0700 Subject: [PATCH 13/25] Update cisagov_I.yml Added Avanti products, removed the one generic entry for Avanti. Added the affected products, will be adding the nonaffected products, which is going to be a long list. --- data/cisagov_I.yml | 136 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 133 insertions(+), 3 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 5a3cfcd..1298cc9 100644 --- a/data/cisagov_I.yml 
+++ b/data/cisagov_I.yml @@ -6975,7 +6975,38 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Ivanti - product: '' + product: Avalanche + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director cves: cve-2021-4104: investigated: false 
@@ -6983,24 +7014,123 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. 
+ references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 9.13 + - 9.14 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-18T00:00:00' ... From d9e1373aa050fd700260243c65b44a3be2482d35 Mon Sep 17 00:00:00 2001 
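Review bot: In PATCH 13/25 the Ivanti File Director entry lists `2021.3 HF2` under `fixed_versions` for cve-2021-44228, but `affected_versions` has no `2021.3.*` line. It also lists `2019.1.*` and `4.4.*` as affected with no corresponding fixed release. A defender on a 2021.3 build cannot tell from this entry whether the build is exposed. Please check the advisory in `vendor_links`, and if it confirms the affected range, add `- '2021.3.*'` under `affected_versions`.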
From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 18 Jan 2022 09:37:01 -0500 Subject: [PATCH 14/25] Update cisagov_N.yml Updating affected versions for accuracy --- data/cisagov_N.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 7f6f34a..6bf4b5e 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -96,8 +96,7 @@ software: cves: cve-2021-4104: investigated: true - affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: @@ -108,14 +107,12 @@ software: unaffected_versions: [] cve-2021-45046: investigated: true - affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: true - affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: From 0a9f1d72016d6305d8876f54efb76bb96761a324 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:40:23 +0000 Subject: [PATCH 15/25] Update the software list --- SOFTWARE-LIST.md | 3 +-- data/cisagov.yml | 41 ++++++----------------------------------- 2 files changed, 7 insertions(+), 37 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 659761c..7d3fe6e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -2043,7 +2043,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| National Instruments | OptimalPlus | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Veritas, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| National Instruments | OptimalPlus | -, L, i, m, i, t, e, d, , t, o, , d, e, p, l, o, y, m, e, n, t, s, , r, u, n, n, i, n, g, , V, e, r, t, i, c, a, ,, , C, l, o, u, d, e, r, a, ,, , o, r, , L, o, g, s, t, a, s, h | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Netcup | | | | Unknown | 
[link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2054,7 +2054,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | NextCloud | | | | Unknown | [link](https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nextflow | Nextflow | | | Not Affected | [link](https://www.nextflow.io/docs/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Nexus Group | | | | Unknown | [link](https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| NI (National Instruments) | | | | Unknown | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nice Software (AWS) EnginFRAME | | | | Unknown | [link](https://download.enginframe.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | NinjaRMM | | | | Unknown | [link](https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nomachine | | | | Unknown | [link](https://forums.nomachine.com/topic/apache-log4j-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 6111ad1..e0f2a6d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml 
@@ -59699,28 +59699,28 @@ software: product: OptimalPlus cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: -Limited to deployments running Vertica, Cloudera, or Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: (Limited to deployments running Veritas, Cloudera, or Logstash) Contact + notes: (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support references: - '' @@ -60021,35 +60021,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: NI (National Instruments) - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Nice Software (AWS) EnginFRAME product: '' cves: From 9f9676c1b259335db315d327cb04bf4bd5559bb7 Mon Sep 17 00:00:00 2001 
From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 18 Jan 2022 12:46:39 -0500 Subject: [PATCH 16/25] Update cisagov_M.yml Updating MATHWORKS entries --- data/cisagov_M.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 9ce866b..57e649b 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -548,7 +548,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -567,7 +567,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-18' - vendor: MathWorks product: MATLAB cves: @@ -597,7 +597,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-29T00:00:00' + last_updated: '2022-01-18' - vendor: Matillion product: Matillion ETL cves: From da71d244beeddcd2f265d511e4af77d75aa1e4fe Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 18 Jan 2022 12:56:27 -0500 Subject: [PATCH 17/25] Update cisagov_M.yml --- data/cisagov_M.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 57e649b..f81d062 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -567,7 +567,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-18' + last_updated: '2022-01-18T00:00:00' - vendor: MathWorks product: MATLAB cves: @@ -597,7 +597,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-18' + last_updated: '2022-01-18T00:00:00' - vendor: Matillion product: Matillion ETL cves: From 89ffe6c0120d02b3f2e94e3e402faa35fb987e78 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:05:23 -0500 Subject: [PATCH 18/25] Update cisagov_M.yml Adding quotes to version --- data/cisagov_M.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index f81d062..c96ff4b 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -581,7 +581,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] From 1d4a367b997f2a9cdeaad39b7acdfe1f3fd80458 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:23:40 -0500 Subject: [PATCH 19/25] Update Atvise version entry --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 12c2697..03f5dd2 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -3718,7 +3718,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -3731,7 +3731,7 @@ software: unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen - notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise® solutions. + notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' From 85090f413cfb19063b5c7042431a63ff30556d28 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:28:14 -0500 Subject: [PATCH 20/25] Update cisagov_I.yml Updated Ivanti entries --- data/cisagov_I.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 1298cc9..348159f 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml 
@@ -6985,8 +6985,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 6.2.2 - - 6.3.0 to 6.3.3 + - '6.2.2' + - '6.3.0 to 6.3.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7016,15 +7016,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* + - '2019.1.*' + - '2020.1.*' + - '2020.3.*' + - '2021.1.*' + - '4.4.*' fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + - '2021.3 HF2' + - '2021.1 HF1' + - '2020.3 HF2' unaffected_versions: [] cve-2021-45046: investigated: '' @@ -7053,7 +7053,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7083,8 +7083,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.13 - - 9.14 + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7114,7 +7114,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From 2df0731e9325483dd61f3b67f8fb579f30d2734c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:33:31 -0500 Subject: [PATCH 21/25] Update cisagov_S.yml Update Samsung versions --- data/cisagov_S.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index be7667e..3ef818e 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -767,13 +767,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - Cloud + - 'Cloud' unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - Cloud + - 'Cloud' unaffected_versions: [] cve-2021-45105: investigated: false 
@@ -798,13 +798,13 @@ software:
 investigated: true
 affected_versions: []
 fixed_versions:
- - Cloud
+ - 'Cloud'
 unaffected_versions: []
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions:
- - Cloud
+ - 'Cloud'
 unaffected_versions: []
 cve-2021-45105:
 investigated: false
@@ -830,13 +830,13 @@ software:
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45105:
 investigated: false
 affected_versions: []
@@ -861,13 +861,13 @@ software:
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45105:
 investigated: false
 affected_versions: []
@@ -892,13 +892,13 @@ software:
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45105:
 investigated: false
 affected_versions: []
@@ -923,13 +923,13 @@ software:
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45105:
 investigated: false
 affected_versions: []
@@ -954,13 +954,13 @@ software:
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45105:
 investigated: false
 affected_versions: []
@@ -985,13 +985,13 @@ software:
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45046:
 investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions:
- - All
+ - 'All'
 cve-2021-45105:
 investigated: false
 affected_versions: []
@@ -1016,13 +1016,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45105: investigated: false affected_versions: [] @@ -1047,13 +1047,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45105: investigated: false affected_versions: [] From c00dc5d11d7e0ce1b7a742107ccbc5fd92daeb3c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:37:03 -0500 Subject: [PATCH 22/25] Update cisagov_V.yml Update VTScada version --- data/cisagov_V.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index bee878a..5a6257a 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -2584,7 +2584,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] From b5b09ae10d832b0cc25c44bebdee60d71a524f0e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:40:42 -0500 Subject: [PATCH 23/25] Update cisagov_Non-Alphabet.yml Update versions --- data/cisagov_Non-Alphabet.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index f1b793e..082f969 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml 
@@ -12,25 +12,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - ">= 1.0.0" + - '>= 1.0.0' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - ">= 1.0.0" + - '>= 1.0.0' cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - ">= 1.0.0" + - '>= 1.0.0' cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - ">= 1.0.0" + - '>= 1.0.0' vendor_links: - https://support.1password.com/kb/202112/ notes: '' From 75dbd0fb308995680e47e092b67bfa93f77b135d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 14:46:26 -0500 Subject: [PATCH 24/25] Update cisagov_N.yml Update version for NI products --- data/cisagov_N.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 6bf4b5e..3ce3b55 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -102,7 +102,9 @@ software: cve-2021-44228: investigated: true affected_versions: - -Limited to deployments running Vertica, Cloudera, or Logstash + - 'Vertica' + - 'Cloudera' + - 'Logstash' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -133,8 +135,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version >4.2 - - <4..2.12 + - '>4.2' + - '<4..2.12' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -280,7 +282,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 3.0.57 + - '3.0.57' unaffected_versions: [] cve-2021-45046: investigated: false @@ -310,7 +312,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.4.3 + - '<7.4.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: 
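Review bot: `'Vertica'`, `'Cloudera'` and `'Logstash'` in `affected_versions` (hunk @@ -102 of data/cisagov_N.yml) are names of bundled components, not OptimalPlus versions, so a consumer that compares this field with an installed version can never match, and the regenerated table prints them under "Affected Versions". The deployment condition is already stated in this entry's `notes`, so it does not need to be repeated here. `affected_versions` would be more useful holding the version range from the NI advisory, or `- 'All'` if the vendor publishes none, with the scoping left to `notes`.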
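Review bot: `'<4..2.12'` in hunk @@ -133 keeps a doubled dot, so the upper bound is not a parseable version string, and the quoting change on this very line is the natural place to correct it. It is presumably meant to be `'<4.2.12'`, which should be confirmed against the vendor advisory before changing it. The lower bound `'>4.2'` and the upper bound are also separate list items, which reads as two independent conditions instead of one range; a single item such as `'>4.2, <4.2.12'` would express the intended window.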
@@ -372,7 +374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 21.04.0.5552 + - '21.04.0.5552' cve-2021-45046: investigated: false affected_versions: [] From 7cfadd6effd701b7a5177dd78191fd8ba84e0ed5 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 18 Jan 2022 19:51:10 +0000 Subject: [PATCH 25/25] Update the software list --- SOFTWARE-LIST.md | 28 ++- data/cisagov.yml | 543 +++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 548 insertions(+), 23 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 7d3fe6e..3cc682e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -22,7 +22,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | -| 1Password | All products | | | Unknown | [link](https://support.1password.com/kb/202112/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| 1Password | All products | | | Not Affected | [link](https://support.1password.com/kb/202112/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-01-14 | | 2n | | | | Unknown | [link](https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | 
@@ -150,6 +150,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -1771,7 +1772,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | iRedMail | | | | Unknown | [link](https://forum.iredmail.org/topic18605-log4j-cve202144228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ironnet | | | | Unknown | [link](https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ISLONLINE | | | | Unknown | [link](https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ivanti | | | | Unknown | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ivanti | Avalanche | 6.2.2, 6.3.0 to 6.3.3 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti File Director | 2019.1.*, 2020.1.*, 2020.3.*, 2021.1.*, 4.4.* | 2021.3 HF2, 2021.1 HF1, 2020.3 HF2 | Fixed | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Core | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core. 
| | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Core Connector | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core Connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Sentry (Core/Cloud) | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Sentry. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Jamasoftware | | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Jamf | Jamf Pro | 10.31.0 – 10.34.0 | | Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Janitza | GridVis | | | Not Affected | [link](https://www.janitza.com/us/gridvis-download.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | 
@@ -1962,8 +1967,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | | ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| MathWorks | All MathWorks general release desktop or server products | | | Unknown | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-29 | +| MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Matillion | Matillion ETL | | 1.59.10+ | Fixed | [link](https://documentation.matillion.com/docs/security-advisory-14th-december-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-11-01 | | Matomo | | | | 
Unknown | [link](https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Mattermost FocalBoard | | | | Unknown | [link](https://forum.mattermost.org/t/log4j-vulnerability-concern/12676) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -2043,8 +2048,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| National Instruments | OptimalPlus | -, L, i, m, i, t, e, d, , t, o, , d, e, p, l, o, y, m, e, n, t, s, , r, u, n, n, i, n, g, , V, e, r, t, i, c, a, ,, , C, l, o, u, d, e, r, a, ,, , o, r, , L, o, g, s, t, a, s, h | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| National Instruments | OptimalPlus | Vertica, Cloudera, Logstash | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| Neo4j | Neo4j Graph Database | >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | NetGate PFSense | | | | Unknown | [link](https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | 
@@ -2184,6 +2189,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Fixed in 2021.4.1 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox 
E-FOTA One | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Guard | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox License Management | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Manage | | Cloud | Fixed | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Managed Services Provider (MSP) | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Mobile Enrollment | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | +| Samsung Electronics America | Knox Reseller Portal | | Cloud | Fixed | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | 
[cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Sangoma | | | | Unknown | [link](https://help.sangoma.com/community/s/article/Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAP | | | | Unknown | [link](https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | SAP Advanced Platform | | | | Unknown | [link](https://launchpad.support.sap.com/#/notes/3130698) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | 
@@ -2659,6 +2674,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | VMware | VMware vRealize Orchestrator | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VMware | VMware Workspace ONE Access | 21.x, 20.10.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index e0f2a6d..286186c 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml 
@@ -8,31 +8,35 @@ software: product: All products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '>= 1.0.0' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '>= 1.0.0' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '>= 1.0.0' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '>= 1.0.0' vendor_links: - https://support.1password.com/kb/202112/ notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2021-01-14T00:00:00' - vendor: 2n product: '' cves: @@ -3851,6 +3855,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atvise + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen + notes: The security vulnerability does NOT affect our applications and products + or pose any threat. This applies to all Bachmann applications and products, + including atvise solutions. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes product: '' cves: 
@@ -51710,7 +51746,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Ivanti - product: '' + product: Avalanche cves: cve-2021-4104: investigated: false 
@@ -51718,26 +51754,156 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - 
https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.13' + - '9.14' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' - vendor: Jamasoftware product: '' cves: 
@@ -57338,7 +57504,7 @@ software:
 fixed_versions: []
 unaffected_versions: []
 cve-2021-44228:
- investigated: false
+ investigated: true
 affected_versions: []
 fixed_versions: []
 unaffected_versions: []
@@ -57357,7 +57523,7 @@ software:
 notes: ''
 references:
 - ''
- last_updated: '2022-01-12T07:18:54+00:00'
+ last_updated: '2022-01-18T00:00:00'
 - vendor: MathWorks
 product: MATLAB
 cves:
@@ -57387,7 +57553,7 @@ software:
 notes: ''
 references:
 - ''
- last_updated: '2021-12-29T00:00:00'
+ last_updated: '2022-01-18T00:00:00'
 - vendor: Matillion
 product: Matillion ETL
 cves:
@@ -59705,7 +59871,10 @@ software:
 unaffected_versions: []
 cve-2021-44228:
 investigated: true
- affected_versions: -Limited to deployments running Vertica, Cloudera, or Logstash
+ affected_versions:
+ - Vertica
+ - Cloudera
+ - Logstash
 fixed_versions: []
 unaffected_versions: []
 cve-2021-45046:
@@ -59736,7 +59905,7 @@ software:
 cve-2021-44228:
 investigated: true
 affected_versions:
- - Version >4.2
+ - '>4.2'
 - <4..2.12
 fixed_versions: []
 unaffected_versions: []
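Review bot: In the hunk at `@@ -57338,7 +57504,7 @@`, cve-2021-44228 becomes `investigated: true` while `affected_versions`, `fixed_versions` and `unaffected_versions` all stay `[]`, so the record says an investigation happened but not what it found. Someone triaging exposure from this file cannot tell affected from unaffected for this product. I would record the outcome in the same change, for example an `- All` item under `unaffected_versions` if that is what the vendor states, or leave `investigated: false` until the result is known. The entry's vendor and product lines are outside the hunk.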
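Review bot: In the hunk at `@@ -59705,7 +59871,10 @@`, the new `affected_versions` items `Vertica`, `Cloudera` and `Logstash` are names of other software, not versions of this product, and the condition carried by the removed line ("Limited to deployments running …") is no longer stated in this field. Splitting the malformed scalar does make the list parse as a list, but a tool that matches installed versions against it gets nothing it can compare. I would keep the deployment condition in `notes` and put the product's own version range here, or `- All` if the vendor gives none. The entry's `notes` line is outside the hunk, so it may already carry the condition.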
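Review bot: In the hunk at `@@ -59736,7 +59905,7 @@`, the context item `- <4..2.12` directly below the edited line still has a doubled dot, and it is left unquoted while the item above it is now quoted. Presumably `<4.2.12` was meant, so I would change it to `- '<4.2.12'` in the same commit after confirming the bound with the vendor page. As two separate list items the bounds also read as two independent conditions rather than one range; a single item such as `- '>4.2, <4.2.12'` would avoid that if the file's conventions allow it. The entry starts and ends outside the hunk.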
@@ -63874,6 +64043,316 @@ software:
 references:
 - ''
 last_updated: '2021-12-15T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Admin Portal
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Asset Intelligence
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Configure
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox E-FOTA One
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Guard
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox License Management
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Manage
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - Cloud
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - Cloud
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Managed Services Provider (MSP)
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Mobile Enrollment
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
+ - vendor: Samsung Electronics America
+ product: Knox Reseller Portal
+ cves:
+ cve-2021-4104:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - Cloud
+ unaffected_versions: []
+ cve-2021-45046:
+ investigated: true
+ affected_versions: []
+ fixed_versions:
+ - Cloud
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: false
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services
+ notes: ''
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
 - vendor: Sangoma
 product: ''
 cves:
@@ -78004,6 +78483,36 @@ software:
 references:
 - ''
 last_updated: '2021-12-12T00:00:00'
+ - vendor: VTScada
+ product: All
+ cves:
+ cve-2021-4104:
+ investigated: ''
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-44228:
+ investigated: true
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions:
+ - All
+ cve-2021-45046:
+ investigated: ''
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ cve-2021-45105:
+ investigated: ''
+ affected_versions: []
+ fixed_versions: []
+ unaffected_versions: []
+ vendor_links:
+ - https://www.vtscada.com/vtscada-unaffected-by-log4j/
+ notes: Java is not utilized within VTScada software, and thus our users are unaffected.
+ references:
+ - ''
+ last_updated: '2022-01-17T00:00:00'
 - vendor: Vyaire
 product: ''
 cves:
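Review bot: The `notes` text says Java is not used in VTScada at all, which would hold for all four CVEs, yet only cve-2021-44228 is marked `investigated: true` with `- All` under `unaffected_versions`; cve-2021-4104, cve-2021-45046 and cve-2021-45105 are left with `investigated: ''` and empty lists. If the linked vendor statement covers Log4j in general, I would give those three the same `investigated: true` and `- All` item; if it does not, `investigated: false` keeps the field a boolean like the entries around it. The note is also written in the vendor's voice ("our users"), and `notes: Vendor states that Java is not used in VTScada software.` would read better in a third-party list.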