mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-22 16:40:48 +00:00
691 lines
19 KiB
YAML
691 lines
19 KiB
YAML
---
|
|
version: '1.0'
|
|
owners:
|
|
- name: cisagov
|
|
url: https://github.com/cisagov/log4j-affected-db
|
|
software:
|
|
- vendor: WAGO
|
|
product: WAGO Smart Script
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions:
|
|
- 4.2.x < 4.8.1.3
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://www.wago.com/de/automatisierungstechnik/psirt#log4j
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2021-12-17T00:00:00'
|
|
- vendor: Wallarm
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://lab.wallarm.com/cve-2021-44228-mitigation-update/
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: Wasp Barcode technologies
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: WatchGuard
|
|
product: Secplicity
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: Western Digital
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: WIBU Systems
|
|
product: CodeMeter Cloud Lite
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions:
|
|
- 2.2 and prior
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2021-12-22T00:00:00'
|
|
- vendor: WIBU Systems
|
|
product: CodeMeter Keyring for TIA Portal
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions:
|
|
- 1.30 and prior
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf
|
|
notes: Only the Password Manager is affected
|
|
references:
|
|
- ''
|
|
last_updated: '2021-12-22T00:00:00'
|
|
- vendor: Wind River
|
|
product: LTS17
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: Wind River
|
|
product: LTS18
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: Wind River
|
|
product: LTS19
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: Wind River
|
|
product: LTS21
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: Wind River
|
|
product: WRL-6
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2
|
|
and JMSAppender components, however, JMSAppender is deactivated in the release
|
|
package and not affected by CVE-2021-4104 customers are advised to NOT manually
|
|
activate the JMSAppender component.
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: Wind River
|
|
product: WRL-7
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2
|
|
and JMSAppender components, however, JMSAppender is deactivated in the release
|
|
package and not affected by CVE-2021-4104 customers are advised to NOT manually
|
|
activate the JMSAppender component.
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: Wind River
|
|
product: WRL-8
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2
|
|
and JMSAppender components, however, JMSAppender is deactivated in the release
|
|
package and not affected by CVE-2021-4104 customers are advised to NOT manually
|
|
activate the JMSAppender component.
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: Wind River
|
|
product: WRL-9
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45046:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
cve-2021-45105:
|
|
investigated: true
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions:
|
|
- All
|
|
vendor_links:
|
|
- https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-21T00:00:00'
|
|
- vendor: WireShark
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://gitlab.com/wireshark/wireshark/-/issues/17783
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: Wistia
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://status.wistia.com/incidents/jtg0dfl5l224
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: WitFoo
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: WordPress
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: Worksphere
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: Wowza
|
|
product: ''
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve
|
|
notes: ''
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
- vendor: WSO2
|
|
product: WSO2 Enterprise Integrator
|
|
cves:
|
|
cve-2021-4104:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-44228:
|
|
investigated: true
|
|
affected_versions:
|
|
- 6.1.0 and above
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45046:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
cve-2021-45105:
|
|
investigated: false
|
|
affected_versions: []
|
|
fixed_versions: []
|
|
unaffected_versions: []
|
|
vendor_links:
|
|
- https://docs.wso2.com/pages/viewpage.action?pageId=180948677
|
|
notes: A temporary mitigation is available while vendor works on update
|
|
references:
|
|
- ''
|
|
last_updated: '2022-01-12T07:18:50+00:00'
|
|
...
|