1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-23 00:50:48 +00:00

Merge pull request #405 from maurycupitt/patch-1

Update for Sonatype products
This commit is contained in:
justmurphy 2021-12-29 11:46:05 -05:00 committed by GitHub
commit 34803526b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -2423,7 +2423,7 @@ download | | 12/20/2021 |
| SolarWinds | Orion Platform | | Not Affected | | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | 12/23/2021 |
| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228), [Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | For more information, please see the following KB article for the latest details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 |
| SonarSource | | | | | [SonarSource](https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721) | | | |
| Sonatype | | | | | [Sonatype Vulnerability Statement](https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild) | | | |
| Sonatype | All Products | All Versions | Not Affected | N/A | [Sonatype Vulnerability Statement](https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status) | Sonatype uses logback as the default logging solution as opposed to log4j. This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the reported log4j vulnerabilities. We still advise keeping your software upgraded at the latest version. | | 12/29/2021 |
| SonicWall | Capture Client & Capture Client Portal | | Not Affected | | [Sonic Wall Security Advisory](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | Log4j2 not used in the Capture Client. | | 12/12/2021 |
| SonicWall | Access Points| | Not Affected | | [Security Advisory (sonicwall.com)](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | Log4j2 not used in the SonicWall Access Points | | 12/12/2021 |
| SonicWall | Analytics | | Under Investigation | | [Security Advisory (sonicwall.com)](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | Under Review | | 12/12/2021 |