mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-18 06:47:54 +00:00
96 lines
15 KiB
Markdown
96 lines
15 KiB
Markdown
|
# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List #
|
||
|
|
||
|
[0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md)
|
||
|
[C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md)
|
||
|
[F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md)
|
||
|
[I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md)
|
||
|
[L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md)
|
||
|
[O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md)
|
||
|
[R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md)
|
||
|
[U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md)
|
||
|
[X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md)
|
||
|
|
||
|
## Status Descriptions ##
|
||
|
|
||
|
| Status | Description |
|
||
|
| ------ | ----------- |
|
||
|
| Unknown | Status unknown. Default choice. |
|
||
|
| Affected | Reported to be affected by CVE-2021-44228. |
|
||
|
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
|
||
|
| Fixed | Patch and/or mitigations available (see provided links). |
|
||
|
| Under Investigation | Vendor investigating status. |
|
||
|
|
||
|
## Software List ##
|
||
|
|
||
|
This list has been populated using information from the following sources:
|
||
|
|
||
|
- Kevin Beaumont
|
||
|
- SwitHak
|
||
|
- National Cyber Security Centre - Netherlands (NCSC-NL)
|
||
|
|
||
|
NOTE: This file is automatically generated. To submit updates, please refer to
|
||
|
[`CONTRIBUTING.md`](CONTRIBUTING.md).
|
||
|
|
||
|
| Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated |
|
||
|
| ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ |
|
||
|
| N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| National Instruments | OptimalPlus | Vertica, Cloudera, Logstash | | Affected | [link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Vertica, Cloudera, or Logstash) Contact Technical Support | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
|
||
|
| Neo4j | Neo4j Graph Database | >4.2, <4..2.12 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
|
||
|
| Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| NetGate PFSense | | | | Unknown | [link](https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Netwrix | | | | Unknown | [link](https://www.netwrix.com/netwrix_statement_on_cve_2021_44228_the_apache_log4j_vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| New Relic | Containerized Private Minion (CPM) | | 3.0.57 | Fixed | [link](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/) | New Relic is in the process of revising guidance/documentation, however the fix version remains sufficient. | [Security Bulletin NR21-04](https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr21-04/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 |
|
||
|
| New Relic | New Relic Java Agent | <7.4.3 | | Affected | [link](https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/java-agent-743/) | Initially fixed in 7.4.2, but additional vulnerability found | [New Relic tracking](https://github.com/newrelic/newrelic-java-agent/issues/605), covers CVE-2021-44228, CVE-2021-45046 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| NextCloud | | | | Unknown | [link](https://help.nextcloud.com/t/apache-log4j-does-not-affect-nextcloud/129244) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nextflow | Nextflow | | | Not Affected | [link](https://www.nextflow.io/docs/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
|
||
|
| Nexus Group | | | | Unknown | [link](https://doc.nexusgroup.com/pages/viewpage.action?pageId=83133294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nice Software (AWS) EnginFRAME | | | | Unknown | [link](https://download.enginframe.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| NinjaRMM | | | | Unknown | [link](https://ninjarmm.zendesk.com/hc/en-us/articles/4416226194189-12-10-21-Security-Declaration-NinjaOne-not-affected-by-CVE-2021-44228-log4j-) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nomachine | | | | Unknown | [link](https://forums.nomachine.com/topic/apache-log4j-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| NoviFlow | | | | Unknown | [link](https://noviflow.com/noviflow-products-and-the-log4shell-exploit-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nulab | Backlog | | N/A (SaaS) | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nulab | Backlog Enterprise (On-premises) | | < 1.11.7 | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nulab | Cacoo | | N/A (SaaS) | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nulab | Cacoo Enterprise (On-premises) | | < 4.0.4 | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nulab | Typetalk | | N/A (SaaS) | Fixed | [link](https://nulab.com/blog/company-news/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| Nutanix | AHV | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | AOS | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | AOS | | STS (including Prism Element) | Fixed | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patched in 6.0.2.4, available on the Portal for download. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Beam | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | BeamGov | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Calm | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Calm Tunnel VM | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Collector | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Collector Portal | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Data Lens | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Era | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | File Analytics | 2.1.x, 2.2.x, 3.0+ | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigated in version 3.0.1 which is available on the Portal for download. Mitigation is available [here](https://portal.nutanix.com/kb/12499) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Files | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Flow | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Flow Security Cental | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Foundation | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Frame | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | FrameGov | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | FSCVM | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Insights | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Karbon | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12483) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Karbon Platform Service | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | LCM | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Leap | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Mine | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12484) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Move | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | MSP | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12482) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | NCC | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | NGT | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Objects | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12482) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Prism Central | | All | Fixed | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patched in 2021-9.0.3, available on the Portal for download. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Sizer | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Volumes | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | Witness VM | All | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigation is available [here](https://portal.nutanix.com/kb/12491) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nutanix | X-Ray | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
|
||
|
| Nvidia | | | | Unknown | [link](https://nvidia.custhelp.com/app/answers/detail/a_id/5294) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|
||
|
| NXLog | | | | Unknown | [link](https://nxlog.co/news/apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
|