log4j-affected-db/README.md

#  CISA Log4j (CVE-2021-44228) Vulnerability Guidance

This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228).  CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
</br>
</br>
**Official CISA Guidance & Resources:**
</br>
CISA Director Jen Easterly's Statement: [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).
</br> CISA Current Activity Alert: [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
</br>
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
</br>
</br>
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.

# Status Descriptions

|Status| Description |
|------|-------------|
| Unknown | Status unknown.  Default choice. |
| Affected| Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links).  |
| Under Investigation | Vendor investigating status. |

# Software List

| Vendor        | Product         | Version         | Status          | Update Available | Notes | References |  Last Updated |
|:--------------|:----------------|:---------------:|:---------------:|:-----------------|-----------------------|:-------|--------------:|
| Sample-Vendor | Product-A       | 1.15.0          | Affected        | Yes/No [Link]()  | <Statement by vendor, vuln note, etc.>| [Link Here]() | 12/11/2021|
Create sample table 2021-12-13 15:27:47 +00:00			`# CISA Log4j (CVE-2021-44228) Vulnerability Guidance`

Update sample table, change affected not affected 2021-12-13 16:37:08 +00:00			`This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.`
			`</br>`
			`</br>`
			`Official CISA Guidance & Resources:`
			`</br>`
			`CISA Director Jen Easterly's Statement: [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).`
			`</br> CISA Current Activity Alert: [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)`
			`</br>`
Fix link 2021-12-13 16:54:29 +00:00			`National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)`
Update sample table, change affected not affected 2021-12-13 16:37:08 +00:00			`</br>`
			`</br>`
Add status descriptions, update schema of table 2021-12-13 18:42:45 +00:00			`CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability.`

Update status description header 2021-12-13 19:00:01 +00:00			`# Status Descriptions`
Add status descriptions, update schema of table 2021-12-13 18:42:45 +00:00
			`\|Status\| Description \|`
			`\|------\|-------------\|`
			`\| Unknown \| Status unknown. Default choice. \|`
			`\| Affected\| Reported to be affected by CVE-2021-44228. \|`
Update Not Affected description 2021-12-13 18:52:25 +00:00			`\| Not Affected \| Reported to NOT be affected by CVE-2021-44228 and no further action necessary. \|`
Update language for descriptions 2021-12-13 18:44:48 +00:00			`\| Fixed \| Patch and/or mitigations available (see provided links). \|`
Add status descriptions, update schema of table 2021-12-13 18:42:45 +00:00			`\| Under Investigation \| Vendor investigating status. \|`
Create sample table 2021-12-13 15:27:47 +00:00
			`# Software List`

Add status descriptions, update schema of table 2021-12-13 18:42:45 +00:00			`\| Vendor \| Product \| Version \| Status \| Update Available \| Notes \| References \| Last Updated \|`
			`\|:--------------\|:----------------\|:---------------:\|:---------------:\|:-----------------\|-----------------------\|:-------\|--------------:\|`
			`\| Sample-Vendor \| Product-A \| 1.15.0 \| Affected \| Yes/No [Link]() \| <Statement by vendor, vuln note, etc.>\| [Link Here]() \| 12/11/2021\|`