| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
@ -1309,14 +1310,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -1396,7 +1396,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
@ -2356,8 +2358,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 |
| Sierra Wireless | AirVantage and Octave cloud platforms | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 |
| Spring | Spring Boot | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
product:Cisco Unified Contact Center Enterprise - Live Data server
product:Cisco Unified Contact Center Enterprise
cves:
cve-2021-4104:
investigated:false
@ -3985,7 +3957,7 @@ software:
- ''
last_updated:'2022-01-12T07:18:51+00:00'
- vendor:Cisco
product:Cisco Unified Contact Center Enterprise
product:Cisco Unified Contact Center Enterprise - Live Data server
cves:
cve-2021-4104:
investigated:false
@ -4419,6 +4391,34 @@ software:
references:
- ''
last_updated:'2022-01-12T07:18:51+00:00'
- vendor:Cisco
product:DUO network gateway (on-prem/self-hosted)
cves:
cve-2021-4104:
investigated:false
affected_versions:[]
fixed_versions:[]
unaffected_versions:[]
cve-2021-44228:
investigated:false
affected_versions:[]
fixed_versions:[]
unaffected_versions:[]
cve-2021-45046:
investigated:false
affected_versions:[]
fixed_versions:[]
unaffected_versions:[]
cve-2021-45105:
investigated:false
affected_versions:[]
fixed_versions:[]
unaffected_versions:[]
vendor_links:[]
notes:''
references:
- ''
last_updated:'2022-01-12T07:18:51+00:00'
- vendor:Cisco
product:duo network gateway (on-prem/self-hosted)
cves:
@ -4811,7 +4811,7 @@ software:
- ''
last_updated:'2021-12-21T00:00:00'
- vendor:Citrix
product:ShareFile Storage Zones Controller
product:Citrix Virtual Apps and Desktops (XenApp & XenDesktop)
cves:
cve-2021-4104:
investigated:false
@ -4835,16 +4835,19 @@ software:
unaffected_versions:[]
vendor_links:
- https://support.citrix.com/article/CTX335705
notes:Citrix continues to investigate any potential impact on Citrix-managed
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
notes: 'IMPACTED:Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046:
Customers are advised to apply the latest update as soon as possible to reduce
the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html).
See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for
additional mitigations. For CVE-2021-45105:Investigation has shown that Linux
VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30,
released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED:
Linux VDA LTSR all versions; All other CVAD components.'
references:
- ''
last_updated:'2021-12-21T00:00:00'
- vendor:Citrix
product:Citrix Virtual Apps and Desktops (XenApp & XenDesktop)
product:Citrix Workspace App
cves:
cve-2021-4104:
investigated:false
@ -4852,10 +4855,11 @@ software:
fixed_versions:[]
unaffected_versions:[]
cve-2021-44228:
investigated:false
investigated:true
affected_versions:[]
fixed_versions:[]
unaffected_versions:[]
unaffected_versions:
- All Platforms
cve-2021-45046:
investigated:false
affected_versions:[]
@ -4868,19 +4872,16 @@ software:
unaffected_versions:[]
vendor_links:
- https://support.citrix.com/article/CTX335705
notes: 'IMPACTED:Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046:
Customers are advised to apply the latest update as soon as possible to reduce
the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html).
See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for
additional mitigations. For CVE-2021-45105:Investigation has shown that Linux
VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30,
released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED:
Linux VDA LTSR all versions; All other CVAD components.'
notes:Citrix continues to investigate any potential impact on Citrix-managed
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
notes:Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected.
notes:Moxa is investigating to determine if any of our products are affected
by this vulnerability. At the time of publication, none of Moxa's products are