1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-18 14:57:54 +00:00
log4j-affected-db/data/cisagov_G.yml
00gh 11ef0d7d70 Removed incorrect usage of escape codes in yml.
The incorrect escape codes are removed. This will also result in the
removal of (incorrect) escape codes in the generated markdown file.
2022-02-08 01:00:54 +01:00

5919 lines
171 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
version: '1.0'
owners:
- name: cisagov
url: https://github.com/cisagov/log4j-affected-db
software:
- vendor: GE Digital
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories
notes: This advisory is available to customers only and has not been reviewed
by CISA.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Digital Grid
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585
notes: This advisory is available to customers only and has not been reviewed
by CISA.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Asset Performance Management (APM)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed
in development environment and the team is currently deploying the fixes in
the production environment.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Baseline Security Center (BSC)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- ''
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power is still validating the workaround provided by FoxGuard in
Technical Information Notice M1221-S01.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Baseline Security Center (BSC) 2.0
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that
is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded
from link in reference section. This update is available to customer only and
has not been reviewed by CISA.
references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)'
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Control Server
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- ''
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Please see vCenter. Control Server is not directly impacted. It is impacted
through vCenter.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: MyFleet
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: OPM Performance Intelligence
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: OPM Performance Planning
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: Tag Mapping Service
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: GE Gas Power
product: vCenter
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf
notes: GE Gas Power has tested and validated the update provided by Vmware. The
update and instructions can be downloaded from link in reference section. This
update is available to customer only and has not been reviewed by CISA.
references:
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)'
last_updated: '2021-12-22T00:00:00'
- vendor: GE Healthcare
product: ''
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://securityupdate.gehealthcare.com
notes: This advisory is not available at the time of this review, due to maintence
on the GE Healthcare website.
references:
- ''
last_updated: '2021-12-22T00:00:00'
- vendor: Gearset
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Genesys
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GeoServer
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GeoSolutions
product: GeoNetwork
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: All
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
notes: ''
references:
- ''
last_updated: '2021-12-16T07:18:50+00:00'
- vendor: GeoSolutions
product: GeoServer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- All
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html
notes: ''
references:
- ''
last_updated: '2021-12-16T07:18:50+00:00'
- vendor: Gerrit Code Review
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gerritcodereview.com/2021-12-13-log4j-statement.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI Software
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GFI Software
product: Kerio Connect
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghidra
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Ghisler
product: Total Commander
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.ghisler.com/whatsnew.htm
notes: Third Party plugins might contain log4j.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gigamon
product: Fabric Manager
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- <5.13.01.02
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.gigamon.com/gigamoncp/s/my-gigamon
notes: Updates available via the Gigamon Support Portal. This advisory available
to customers only and has not been reviewed by CISA.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: GitHub
product: GitHub
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- GitHub.com and GitHub Enterprise Cloud
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: GitHub
product: GitHub Enterprise Server
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 3.0.22
- 3.1.14
- 3.2.6
- 3.3.1
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
notes: ''
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: GitLab
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: DAST Analyzer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Dependency Scanning
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Gemnasium-Maven
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: PMD OSS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: SAST
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GitLab
product: Spotbugs
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://forum.gitlab.com/t/cve-2021-4428/62763/8
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Globus
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GoAnywhere
product: Agents
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Gateway
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Version 2.7.0 or later
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: MFT
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- Version 5.3.0 or later
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: MFT Agents
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions:
- 1.4.2 or later
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected.
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Open PGP Studio
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- ''
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoAnywhere
product: Suveyor/400
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps
notes: ''
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: GoCD
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gocd.org/2021/12/14/log4j-vulnerability.html
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:52+00:00'
- vendor: Google
product: Chrome
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
notes: Chrome Browser releases, infrastructure and admin console are not using
versions of Log4j affected by the vulnerability.
references:
- ''
last_updated: '2022-01-14'
- vendor: Google Cloud
product: Access Transparency
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Actifio
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and
has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com)
for the full statement and to obtain the hotfix (available to Actifio customers
only).
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AI Platform Data Labeling
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AI Platform Neural Architecture Search (NAS)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AI Platform Training and Prediction
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Anthos environments to identify components dependent on Log4j 2 and update them
to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Config Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Connect
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Hub
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Identity Service
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos on VMWare
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check
VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds
to their VMware products as they become available. We also recommend customers
review their respective applications and workloads affected by the same vulnerabilities
and apply appropriate patches.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Premium Software
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Anthos Service Mesh
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Apigee
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not
used and therefore the VMs were not impacted by the issues in CVE-2021-44228
and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution.
It is possible that customers may have introduced custom resources that are
using vulnerable versions of Log4j. We strongly encourage customers who manage
Apigee environments to identify components dependent on Log4j and update them
to the latest version. Visit the Apigee Incident Report for more information.
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: Google Cloud
product: App Engine
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
App Engine environments to identify components dependent on Log4j 2 and update
them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AppSheet
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At
this time, we have identified no impact to core AppSheet functionality. Additionally,
we have patched one Java-based auxiliary service in our platform. We will continue
to monitor for affected services and patch or remediate as required. If you
have any questions or require assistance, contact AppSheet Support.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Artifact Registry
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Assured Workloads
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AutoML
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AutoML Natural Language
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AutoML Tables
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AutoML Translation
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AutoML Video
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: AutoML Vision
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: BigQuery
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: BigQuery Data Transfer Service
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: BigQuery Omni
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: BigQuery Omni, which runs on AWS and Azure infrastructure, does not use
Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046.
We continue to work with AWS and Azure to assess the situation.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Binary Authorization
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Certificate Manager
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Chronicle
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Asset Inventory
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Bigtable
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Cloud Build
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Build environments to identify components dependent on Log4j 2 and update
them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud CDN
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Composer
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and
is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible
that customers may have imported or introduced other dependencies via DAGs,
installed PyPI modules, plugins, or other services that are using vulnerable
versions of Log4j 2. We strongly encourage customers, who manage Composer environments
to identify components dependent on Log4j 2 and update them to the latest version.
references:
- ''
last_updated: '2021-12-15T00:00:00'
- vendor: Google Cloud
product: Cloud Console App
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Data Loss Prevention
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Debugger
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Deployment Manager
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud DNS
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Endpoints
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud External Key Manager (EKM)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Functions
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Functions environments to identify components dependent on Log4j 2 and
update them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Hardware Security Module (HSM)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Interconnect
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Intrusion Detection System (IDS)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Key Management Service
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Load Balancing
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Logging
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Natural Language API
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Network Address Translation (NAT)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Profiler
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Router
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Run
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Run environments to identify components dependent on Log4j 2 and update
them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Run for Anthos
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Run for Anthos environments to identify components dependent on Log4j
2 and update them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Scheduler
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud SDK
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Shell
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Cloud Shell environments to identify components dependent on Log4j 2 and update
them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Source Repositories
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Spanner
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Cloud SQL
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Cloud Storage
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Tasks
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Trace
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Traffic Director
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Cloud Translation
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Vision
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud Vision OCR On-Prem
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Cloud VPN
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: CompilerWorks
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Compute Engine
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Compute Engine does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine,
we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes
to Google Cloud VMware Engine as they become available.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Contact Center AI (CCAI)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Contact Center AI Insights
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Container Registry
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Data Catalog
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228
and CVE-2021-45046. We strongly encourage customers who introduced their own
connectors to identify dependencies on Log4j 2 and update them to the latest
version.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Data Fusion
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Data Fusion does not use Log4j 2, but uses Dataproc as one of the options
to execute pipelines. Dataproc released new images on December 18, 2021 to address
the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow
instructions in a notification sent on December 18, 2021 with the subject line
“Important information about Data Fusion.”
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Database Migration Service (DMS)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Dataflow
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: 'Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228
and CVE-2021-45046. If you have changed dependencies or default behavior, it
is strongly recommended you verify there is no dependency on vulnerable versions
Log4j 2. Customers have been provided details and instructions in a notification
sent on December 17, 2021 with the subject line “Update #1 to Important information
about Dataflow.”'
references:
- ''
last_updated: '2021-12-17T00:00:00'
- vendor: Google Cloud
product: Dataproc
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Dataproc released new images on December 18, 2021 to address the vulnerabilities
in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions
in notifications sent on December 18, 2021 with the subject line “Important
information about Dataproc” with Dataproc documentation.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Dataproc Metastore
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Dataproc Metastore has been updated to mitigate the issues identified in
CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent
two notifications with instructions on December 17, 2021 with the subject line
“Important information regarding Log4j 2 vulnerability in your gRPC-enabled
Dataproc Metastore.”
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Datastore
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Datastream
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Dialogflow Essentials (ES)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Document AI
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Event Threat Detection
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Eventarc
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Filestore
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Log4j 2 is contained within the Filestore service; there is a technical
control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046.
Log4j 2 will be updated to the latest version as part of the scheduled rollout
in January 2022.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Firebase
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Firestore
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Game Servers
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Google Cloud Armor
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Google Cloud Armor Managed Protection Plus
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Google Cloud VMware Engine
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: We are working with VMware and tracking VMSA-2021-0028.1. We will deploy
fixes as they become available.
references:
- ''
last_updated: '2021-12-11T00:00:00'
- vendor: Google Cloud
product: Google Kubernetes Engine
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Google Kubernetes Engine does not use Log4j 2 and is not impacted by the
issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have
introduced a separate logging solution that uses Log4j 2. We strongly encourage
customers who manage Google Kubernetes Engine environments to identify components
dependent on Log4j 2 and update them to the latest version.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Healthcare Data Engine (HDE)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Human-in-the-Loop AI
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: IoT Core
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Key Access Justifications (KAJ)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Looker
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Looker-hosted instances have been updated to a Looker version with Log4j v2.16.
Looker is currently working with third-party driver vendors to evaluate the
impact of the Log4j vulnerability. As Looker does not enable logging for these
drivers in Looker-hosted instances, no messages are logged. We conclude that
the vulnerability is mitigated. We continue to actively work with the vendors
to deploy a fix for these drivers. Looker customers who self-manage their Looker
instances have received instructions through their technical contacts on how
to take the necessary steps to address the vulnerability. Looker customers who
have questions or require assistance, please visit Looker Support.
references:
- ''
last_updated: '2021-12-18T00:00:00'
- vendor: Google Cloud
product: Media Translation API
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Memorystore
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Migrate for Anthos
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Migrate for Compute Engine (M4CE)
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: M4CE has been updated to mitigate the issues identified in CVE-2021-44228
and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities.
A notification was sent to customers on December 17, 2021 with subject line
“Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11
or below. If you are on M4CE v5.0 or above, no action is needed.
references:
- ''
last_updated: '2021-12-19T00:00:00'
- vendor: Google Cloud
product: Network Connectivity Center
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Network Intelligence Center
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Network Service Tiers
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Persistent Disk
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Pub/Sub
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: Google Cloud
product: Pub/Sub Lite
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate
logging solution that uses Log4j 2. We strongly encourage customers who manage
Pub/Sub Lite environments to identify components dependent on Log4j 2 and update
them to the latest version.
references:
- ''
last_updated: '2021-12-16T00:00:00'
- vendor: Google Cloud
product: reCAPTCHA Enterprise
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Recommendations AI
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Retail Search
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Risk Manager
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Secret Manager
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Security Command Center
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Service Directory
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Service Infrastructure
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Speaker ID
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Speech-to-Text
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Speech-to-Text On-Prem
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Storage Transfer Service
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Talent Solution
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Text-to-Speech
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Transcoder API
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Transfer Appliance
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Video Intelligence API
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Virtual Private Cloud
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-20T00:00:00'
- vendor: Google Cloud
product: Web Security Scanner
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Google Cloud
product: Workflows
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.google.com/log4j2-security-advisory
notes: Product does not use Log4j 2 and is not impacted by the issues identified
in CVE-2021-44228 and CVE-2021-45046.
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: Gradle
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.gradle.org/log4j-vulnerability
notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gradle
product: Gradle Enterprise
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- < 2021.3.6
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://security.gradle.com/advisory/2021-11
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gradle
product: Gradle Enterprise Build Cache Node
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- < 10.1
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://security.gradle.com/advisory/2021-11
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gradle
product: Gradle Enterprise Test Distribution Agent
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- < 1.6.2
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://security.gradle.com/advisory/2021-11
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grafana
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Grandstream
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Access Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.10.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Access Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.5.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Alert Engine
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.5.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Alert Engine
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.4.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: API Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.10.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: API Management
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 3.5.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravitee
product: Cockpit
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- 1.4.x
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Gravwell
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products
notes: Gravwell products do not use Java.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Graylog
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 3.3.15
- 4.0.14
- 4.1.9
- 4.2.3
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.graylog.org/post/graylog-update-for-log4j
notes: The vulnerable Log4j library is used to record GrayLogs own log information.
Vulnerability is not triggered when GrayLog stores exploitation vector from
an outer system.
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Graylog
product: Graylog Server
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- All versions >= 1.2.0 and <= 4.2.2
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://www.graylog.org/post/graylog-update-for-log4j
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GreenShot
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions: []
unaffected_versions:
- ''
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://greenshot.atlassian.net/browse/BUG-2871
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: GSA
product: Cloud.gov
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://cloud.gov/2021/12/14/log4j-buildpack-updates/
notes: ''
references:
- ''
last_updated: '2021-12-21T00:00:00'
- vendor: GuardedBox
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: true
affected_versions: []
fixed_versions:
- 3.1.2
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://twitter.com/GuardedBox/status/1469739834117799939
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
- vendor: Guidewire
product: All
cves:
cve-2021-4104:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-44228:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45046:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
cve-2021-45105:
investigated: false
affected_versions: []
fixed_versions: []
unaffected_versions: []
vendor_links:
- https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products
notes: ''
references:
- ''
last_updated: '2022-01-12T07:18:50+00:00'
...