1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-23 00:50:48 +00:00

Update sample table, change affected not affected

This commit is contained in:
justmurphy 2021-12-13 11:37:08 -05:00 committed by GitHub
parent 36b5e6f200
commit 52fe5ebf13
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,9 +1,20 @@
# CISA Log4j (CVE-2021-44228) Vulnerability Guidance
CISA will maintain a list of all known vulnerable and not vulnerable software for any related software regarding the Log4j vulnerability.
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
</br>
</br>
**Official CISA Guidance & Resources:**
</br>
CISA Director Jen Easterly's Statement: [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).
</br> CISA Current Activity Alert: [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
</br>
National Vulnerability Database (NVD) Information: [CVE-2021-4428](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
</br>
</br>
CISA will maintain a list of all known affected and not affected software regarding the Log4j vulnerability.
# Software List
| Vendor | Product | Version | Status | Notes | Links | Date Last Updated |
|:--------------|:----------------|:---------------:|:---------------:|:----------------|:------|-------------------:|
| Sample-Vendor | Product-A | 1.15.0, 1.14.0, 1.13.0 | Vulnerable | <Statement by vendor, vuln note, etc.>|[source](https://fakelink.com) | 12/11/2021|
| Vendor | Product | Version | Status | Patch Available | Mitigation Available | Vulnerability Notes | Related Links | Date Last Updated |
|:--------------|:----------------|:---------------:|:---------------:|:----------------|----------------------|:--------------------|---------------|-------------------:|
| Sample-Vendor | Product-A | 1.15.0, 1.14.0, 1.13.0 | Affected | Yes/No [Link]()| Yes/No [Link]() | <Statement by vendor, vuln note, etc.>|[Link Here]() | 12/11/2021|