diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5514bf7..a9552e2 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -29,107 +29,246 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | B&R Products | See Vendor Advisory | | Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Abbott | | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Abnormal Security | Abnormal Security | | | Unknown | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellence | | | | Unknown | [link](https://www.accellence.de/en/articles/national-vulnerability-database-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Acquia | | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Acronis | | | | Unknown | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ActiveState | | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adaptec | | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Addigy | | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | AlarmInsight Cloud | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | B&R Products | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | Remote Service | | | Fixed | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Abbott | All | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Details are shared with customers with an active RAP subscription. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abbott | GLP Track System | Track Sample Manager (TSM), Track Workflow Manager (TWM) | | Affected | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Abbott will provide a fix for this in a future update expected in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abnormal Security | All | | | Not Affected | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | EBÜS | | All | Fixed | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | Vimacc | | | Not Affected | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Accruent | Analytics | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Asset Enterprise | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | BigCenter | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | EMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Evoco | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Expesite | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Famis 360 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Lucernex | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Maintenance Connection | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Meridian | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Single Sign On (SSO, Central Auth) | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM3 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM4 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Siterra | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | TMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxField | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxMaintain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxObserve | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxSustain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acquia | All | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Files | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Infrastructure | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protection Home Office | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | DeviceLock DLP | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Files Connect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | MassTransit | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Snap Deploy | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ActiveState | All | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | 360 | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Agents | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Application | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - ASP.NET | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - NodeJS | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - PHP | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST-Java | | All | Fixed | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | AcuSensor IAST module needs attention. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adaptec | All | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Addigy | All | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Connect | | 3.3, 3.4, 3.5 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Suite | | 6.9.9, 6.9.10, 6.9.11 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Automated Forms Conversion Service | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | ColdFusion | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.3 Forms on JEE | | All versions from 6.3 GA to 6.3.3 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms Designer | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms on JEE | | All versions from 6.4 GA to 6.4.8 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms Designer | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms on JEE | | All versions from 6.5 GA to 6.5.11 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms on OSGi | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms Workbench | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ADP | All | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | -| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AFAS Software | | | | Unknown | [link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | AFHCAN Global LLC | AFHCANcart | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANmobile | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANServer | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANsuite | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANupdate | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANweb | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Agilysys | | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Akamai | SIEM Splunk Connector | All | | Affected | [link](https://splunkbase.splunk.com/app/4310/) | v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Alcatel | | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alertus | | | | Unknown | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alexion | | | | Unknown | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alfresco | | | | Unknown | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AlienVault | | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alphatron Medical | | | | Unknown | [link](https://www.alphatronmedical.com/home.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Athena | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS | | | Not Affected | | Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | AWS API Gateway | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Amazon | AWS CloudHSM | < 3.4.1. | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Connect | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | -| Amazon | AWS DynamoDB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS EKS, ECS, Fargate | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS ElastiCache | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS ELB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS Inspector | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS Kinesis Data Stream | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS RDS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS S3 | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SNS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SQS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | CloudFront | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | CloudWatch | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | EC2 | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | ELB | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | KMS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | OpenSearch | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | RDS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Route 53 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | S3 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Translate | | | Unknown | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | VPC | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AMD | All | | | Unknown | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Anaconda | Anaconda | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Agilysys | All | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Mobile | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Other products | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | PRD | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AIL | All | | | Not Affected | [link](https://twitter.com/ail_project/status/1470373644279119875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Akamai | Enterprise Application Access (EAA) Connector | | | Not Affected | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Integration Connector | | <1.7.4 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Splunk Connector | | < 1.4.10 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Alcatel | All | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alertus | Console | | 5.15.0 | Fixed | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alexion | Alexion CRM | | | Not Affected | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alfresco | Alfresco | | | Not Affected | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AlienVault | All | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | AmiSconnect | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Custo Diagnostics | 5.4, 5.6 | | Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | JiveX | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Zorgbericht | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | API Gateway | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena JDBC Driver | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | All versions vended to customers were not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS | | | Not Affected | | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS AppFlow | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS AppSync | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager Private CA | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS CloudHSM | | < 3.4.1 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodeBuild | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodePipeline | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Connect | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS Directory Service | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS DynamoDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ECS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS EKS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Elastic Beanstalk | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Default configuration of applications usage of Log4j versions is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ElastiCache | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ELB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Fargate | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Glue | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Greengrass | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS IoT SiteWise Edge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS Kinesis Data Streams | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS KMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Lambda | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Vulnerable when using aws-lambda-java-log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Polly | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS QuickSight | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS RDS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS S3 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SDK | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Secrets Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Service Catalog | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS SNS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SQS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager Agent | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Textract | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Chime | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cloud Directory | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudFront | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudWatch | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cognito | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Corretto | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | DocumentDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EC2 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | ECR Public | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Elastic Load Balancing | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | EMR | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EventBridge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Fraud Detector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kafka (MSK) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kendra | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Keyspaces (for Apache Cassandra) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis Data Analytics | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lake Formation | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lex | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL1) | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL2) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lookout for Equipment | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Managed Workflows for Apache Airflow (MWAA) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MemoryDB for Redis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Monitron | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MQ | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Neptune | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | NICE | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Recommended to update EnginFrame or Log4j library. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | OpenSearch | | R20211203-P2 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Update released, customers need to update their clusters to the fixed release. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Pinpoint | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS Aurora | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS for Oracle | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Redshift | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Rekognition | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Route 53 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | SageMaker | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Notification Service (SNS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Queue Service (SQS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Workflow Service (SWF) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Single Sign-On | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Step Functions | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Timestream | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Translate | | | Not Affected | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | VPC | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | WorkSpaces/AppStream 2.0 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AMD | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Anaconda | All | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| AOMEI | All | | | Not Affected | [link](https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Airflow | | | Unknown | [link](https://github.com/apache/airflow/tree/main/airflow) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Camel | 3.14.1.3.11.5, 3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel 2 | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Airflow | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Archiva | | 2.2.6 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.2.6. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Camel | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel 2 | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel K | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Karaf | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Quarkus | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | CamelKafka Connector | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Druid | < druid 0.22.0 | | Affected | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Flink | | < 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Apache | Kafka | Unknown | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Only vulnerable in certain configuration(s) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Log4j | < 2.15.0 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Solr | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Apache | Struts 2 | Versions before 2.5.28.1 | | Affected | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Tomcat | 9.0.x | | Affected | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Camel K | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Kafka Connector | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Karaf | | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Quarkus | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Cassandra | | | Not Affected | [link](https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Druid | | 0.22.1 | Fixed | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Dubbo | | All | Fixed | [link](https://github.com/apache/dubbo/issues/9380) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Flink | | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Fortress | | < 2.0.7 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.0.7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Geode | | 1.14.0 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.12.6, 1.13.5, 1.14.1. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Guacamole | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hadoop | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | HBase | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hive | | 4.x | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | James | 3.6.0 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Jena | | < 4.3.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JMeter | All | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JSPWiki | | 2.11.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | Uses Log4j 1.2.17. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Log4j 1.x | | | Not Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Log4j 2.x | 2.17.1 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Maven | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | NiFi | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | OFBiz | | < 18.12.03 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Ozone | | < 1.2.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SkyWalking | | < 8.9.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SOLR | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Apache | Spark | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Uses log4j 1.x | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts | 2.5.28 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts 2 | | Versions before 2.5.28.1 | Fixed | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Tapestry | 5.7.3 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tika | 2.0.0 and up | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tomcat | | | Unknown | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | TrafficControl | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | ZooKeeper | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Apereo | CAS | 6.3.x & 6.4.x | | Affected | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apereo | Opencast | < 9.10, < 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apigee | | | | Unknown | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apollo | | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appdynamics | | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| AppGate | | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | CAS | | 6.3.x, 6.4.x | Fixed | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | Other versions still in active maintainance might need manual inspection. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | Opencast | | < 9.10, < 10.6 | Fixed | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apigee | Edge and OPDK products | | | Not Affected | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apollo | All | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appdynamics | All | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | [link](https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| AppGate | All | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Appian | Appian Platform | | All | Fixed | [link](https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Application Performance Ltd | DBMarlin | Not Affected | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Application Performance Ltd | DBMarlin | | | Unknown | [link](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| APPSHEET | | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| APPSHEET | All | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aptible | All | | Search 5.x | Fixed | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aqua Security | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arbiter Systems | All | | | Not Affected | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | -| Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arca Noae | All | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Email Archiving | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -138,64 +277,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Arcserve | ShadowXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Solo | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | StorageCraft OneXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ArcticWolf | | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arduino | | | | Unknown | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ariba | | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arista | | | | Unknown | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aruba Networks | | | | Unknown | [link](https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ataccama | | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atera | | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bamboo Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bitbucket Server & Data Center | All | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Confluence Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crowd Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crucible | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ArcticWolf | All | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arduino | IDE | | 1.8.17 | Fixed | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ariba | All | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for Converged Cloud Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for DANZ Monitoring Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Monitoring Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Portal | >2019.1.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Wi-Fi, virtual or physical appliance | >8.8 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Embedded Analytics for Converged Cloud Fabric | >5.3.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | AirWave Management Platform | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Analytics and Location Engine | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS SD-WAN Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-CX Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-S Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central On-Prem | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ClearPass Policy Manager | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | EdgeConnect | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Fabric Composer (AFC) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | HP ProCurve Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant Access Points | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant On | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | IntroSpect | | Versions 2.5.0.0 to 2.5.0.6 | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy GMS Products | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy NX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VRX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | NetEdit | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Plexxi Composable Fabric Manager (CFM) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Silver Peak Orchestrator | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | User Experience Insight (UXI) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | VIA Clients | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ataccama | All | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atera | All | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bamboo Server & Data Center | On Prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bitbucket Server & Data Center | | On prem | Fixed | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS WorkBench | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Dashboard | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-Hosted CSAT | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crowd Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crucible | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Fisheye | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Jira Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Attivo Networks | All | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | -| AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autopsy | | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Auvik | | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Avantra SYSLINK | | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AudioCodes | All | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autodesk | All | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Automation Anywhere | Automation 360 Cloud | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation 360 On Premise | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation Anywhere | | 11.x, <11.3x | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automox | All | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autopsy | All | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Auvik | All | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Avantra SYSLINK | All | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura for OneCloud Private | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Device Services | 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura for OneCloud Private | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Breeze | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya OneCloud-Private-UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Social Media Hub | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Social Media Hub | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Equinox™ Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Equinox Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Interaction Center | 7.3.9 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | IP Office Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AVEPOINT | | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AVM | | | | Unknown | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AvTech RoomAlert | | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AWS New | | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXON | | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXS Guard | | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Axways Applications | | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVEPOINT | All | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVM | All | | | Not Affected | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | devices, firmware, software incl. MyFritz Service. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AvTech RoomAlert | All | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXIS | OS | | | Not Affected | [link](https://help.axis.com/axis-os) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXON | All | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXS Guard | All | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Axways Applications | All | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -568,18 +745,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Cisco | duo network gateway (on-prem/self-hosted) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Exony Virtualized Interaction Manager (VIM) | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Cloud Connector | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Connector Appliance for Cloud Services | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Hypervisor (XenServer) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix License Server | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for additional mitigations. For CVE-2021-45105: Investigation has shown that Linux VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: Linux VDA LTSR all versions; All other CVAD components. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | ShareFile Storage Zones Controller | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Cloud Connector | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Connector Appliance for Cloud Services | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | 10.14 RP2, 10.13 RP5, 10.12 RP10 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Hypervisor (XenServer) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix License Server | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | Linux Virtual Delivery Agent 2112 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | ShareFile Storage Zones Controller | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 54e5782..6f63573 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -186,7 +186,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -194,10 +194,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -209,13 +210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -224,10 +225,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -238,13 +239,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -252,10 +254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -267,13 +269,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -282,8 +285,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -297,13 +299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -311,8 +313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -327,12 +331,13 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -340,10 +345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -360,8 +366,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -369,10 +375,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -384,7 +422,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -415,17 +453,17 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Acquia - product: '' + - vendor: Accruent + product: Analytics cves: cve-2021-4104: investigated: false @@ -433,9 +471,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -448,13 +487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Acronis - product: '' + - vendor: Accruent + product: Asset Enterprise cves: cve-2021-4104: investigated: false @@ -462,10 +501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -477,13 +517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-advisory.acronis.com/advisories/SEC-3859 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ActiveState - product: '' + - vendor: Accruent + product: BigCenter cves: cve-2021-4104: investigated: false @@ -491,9 +531,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -506,13 +547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adaptec - product: '' + - vendor: Accruent + product: EMS cves: cve-2021-4104: investigated: false @@ -520,10 +561,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -535,13 +577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Addigy - product: '' + - vendor: Accruent + product: Evoco cves: cve-2021-4104: investigated: false @@ -549,9 +591,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -564,13 +607,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adeptia - product: '' + - vendor: Accruent + product: Expesite cves: cve-2021-4104: investigated: false @@ -578,9 +621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -593,13 +637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Accruent + product: Famis 360 cves: cve-2021-4104: investigated: false @@ -607,9 +651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -622,13 +667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ADP - product: '' + - vendor: Accruent + product: Lucernex cves: cve-2021-4104: investigated: false @@ -636,9 +681,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -651,16 +697,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Micro Devices (AMD) - product: All + - vendor: Accruent + product: Maintenance Connection cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -669,25 +715,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + - https://www.accruent.com/apache_log4j notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian cves: cve-2021-4104: investigated: false @@ -695,9 +741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -710,14 +757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false @@ -725,10 +771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -740,14 +787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 cves: cve-2021-4104: investigated: false @@ -755,9 +801,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -770,14 +817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 cves: cve-2021-4104: investigated: false @@ -785,9 +831,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -800,14 +847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra cves: cve-2021-4104: investigated: false @@ -815,9 +861,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -830,13 +877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + - vendor: Accruent + product: TMS cves: cve-2021-4104: investigated: false @@ -848,7 +895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -860,13 +907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANmobile + - vendor: Accruent + product: VxField cves: cve-2021-4104: investigated: false @@ -878,7 +925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -890,13 +937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + - vendor: Accruent + product: VxMaintain cves: cve-2021-4104: investigated: false @@ -906,9 +953,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -920,13 +967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + - vendor: Accruent + product: VxObserve cves: cve-2021-4104: investigated: false @@ -936,9 +983,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -950,13 +997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANupdate + - vendor: Accruent + product: VxSustain cves: cve-2021-4104: investigated: false @@ -966,9 +1013,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -980,13 +1027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Acquia + product: All cves: cve-2021-4104: investigated: false @@ -994,11 +1041,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1010,13 +1056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Acronis + product: Backup cves: cve-2021-4104: investigated: false @@ -1024,10 +1070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '11.7' cve-2021-45046: investigated: false affected_versions: [] @@ -1039,13 +1086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Akamai - product: SIEM Splunk Connector + - vendor: Acronis + product: Cyber Backup cves: cve-2021-4104: investigated: false @@ -1054,10 +1101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '12.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1069,13 +1116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Alcatel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files cves: cve-2021-4104: investigated: false @@ -1083,10 +1130,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1098,13 +1146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dokuwiki.alu4u.com/doku.php?id=log4j + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alertus - product: '' + - vendor: Acronis + product: Cyber Infrastructure cves: cve-2021-4104: investigated: false @@ -1112,10 +1160,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '3.5' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -1127,13 +1177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alexion - product: '' + - vendor: Acronis + product: Cyber Protect cves: cve-2021-4104: investigated: false @@ -1141,10 +1191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '15' cve-2021-45046: investigated: false affected_versions: [] @@ -1156,13 +1207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alfresco - product: '' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -1170,10 +1221,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1185,13 +1237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AlienVault - product: '' + - vendor: Acronis + product: DeviceLock DLP cves: cve-2021-4104: investigated: false @@ -1199,10 +1251,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '9.0' cve-2021-45046: investigated: false affected_versions: [] @@ -1214,13 +1267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alphatron Medical - product: '' + - vendor: Acronis + product: Files Connect cves: cve-2021-4104: investigated: false @@ -1228,10 +1281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1243,13 +1297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Athena + - vendor: Acronis + product: MassTransit cves: cve-2021-4104: investigated: false @@ -1257,10 +1311,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8.1' + - '8.2' cve-2021-45046: investigated: false affected_versions: [] @@ -1272,13 +1328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS + - vendor: Acronis + product: Snap Deploy cves: cve-2021-4104: investigated: false @@ -1290,8 +1346,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -1302,16 +1358,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ActiveState + product: All cves: cve-2021-4104: investigated: false @@ -1319,10 +1373,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1335,13 +1388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Amazon - product: AWS CloudHSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' cves: cve-2021-4104: investigated: false @@ -1350,10 +1403,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1365,13 +1418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Connect + - vendor: Acunetix + product: Agents cves: cve-2021-4104: investigated: false @@ -1381,9 +1434,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1395,15 +1448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Amazon - product: AWS DynamoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application cves: cve-2021-4104: investigated: false @@ -1413,9 +1464,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1427,13 +1478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS EKS, ECS, Fargate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET cves: cve-2021-4104: investigated: false @@ -1442,10 +1493,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1457,19 +1508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS ElastiCache + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1479,9 +1524,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1493,13 +1538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1509,9 +1554,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1523,13 +1568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS Inspector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1540,7 +1585,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1553,13 +1598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS Kinesis Data Stream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adaptec + product: All cves: cve-2021-4104: investigated: false @@ -1567,9 +1612,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1583,17 +1627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS Lambda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Addigy + product: All cves: cve-2021-4104: investigated: false @@ -1601,9 +1641,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1617,13 +1656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Lambda + - vendor: Adeptia + product: Connect cves: cve-2021-4104: investigated: false @@ -1632,9 +1671,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1647,13 +1688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS RDS + - vendor: Adeptia + product: Suite cves: cve-2021-4104: investigated: false @@ -1664,7 +1705,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1677,14 +1720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS S3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1693,9 +1735,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Unknown + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1708,13 +1750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion cves: cve-2021-4104: investigated: false @@ -1725,7 +1767,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1738,15 +1780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SQS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1757,7 +1797,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1770,13 +1810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: CloudFront + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false @@ -1784,8 +1824,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1799,13 +1840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudWatch + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1813,9 +1854,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1828,13 +1870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: EC2 + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false @@ -1844,9 +1886,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1858,13 +1900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1872,9 +1914,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1887,13 +1930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: KMS + - vendor: Adobe + product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false @@ -1901,10 +1944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1916,13 +1960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: OpenSearch + - vendor: Adobe + product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false @@ -1931,10 +1975,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1946,13 +1990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: RDS + - vendor: ADP + product: All cves: cve-2021-4104: investigated: false @@ -1975,42 +2019,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Route 53 + - vendor: Advanced Micro Devices (AMD) + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: S3 + last_updated: '2022-02-02T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -2018,10 +2063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2033,13 +2079,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Translate + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -2047,10 +2094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2062,13 +2110,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/translate/ - notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: VPC + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -2076,10 +2125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2091,13 +2141,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AMD - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -2105,10 +2156,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2120,14 +2172,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing - its analysis. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Anaconda - product: Anaconda + last_updated: '2021-12-14T00:00:00' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -2139,7 +2191,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2151,13 +2203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.conda.io/projects/conda/en/latest/index.html + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: ActiveMQ Artemis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -2169,7 +2221,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2181,18 +2233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://activemq.apache.org/news/cve-2021-44228 - notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 - is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). - Although this version of Log4j is not impacted by CVE-2021-44228 future versions - of Artemis will be updated so that the Log4j jar is no longer included in the - web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) - for more information on that task. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Airflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2200,10 +2247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2215,13 +2263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://afhcan.org/support.aspx + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Camel + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2230,11 +2278,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2246,17 +2293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: Apache Camel does not directly depend on Log4j 2, so we are not affected - by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own - applications, make sure to upgrade.Apache Camel does use log4j during testing - itself, and therefore you can find that we have been using log4j v2.13.3 release - in our latest LTS releases Camel 3.7.6, 3.11.4. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel 2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2264,10 +2307,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2279,13 +2323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel JBang + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2294,10 +2338,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.1.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2309,13 +2353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: All cves: cve-2021-4104: investigated: false @@ -2338,13 +2382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Karaf + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2352,10 +2396,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2367,14 +2412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2382,10 +2426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2397,13 +2442,5169 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/ail_project/status/1470373644279119875 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Akamai + product: Enterprise Application Access (EAA) Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <1.7.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.4.10 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Alcatel + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dokuwiki.alu4u.com/doku.php?id=log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alertus + product: Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.15.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alexion + product: Alexion CRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alfresco + product: Alfresco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AlienVault + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 3.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS RDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL1) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lookout for Equipment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Managed Workflows for Apache Airflow (MWAA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MemoryDB for Redis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Monitron + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Neptune + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: NICE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: OpenSearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R20211203-P2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Update released, customers need to update their clusters to the fixed release. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Pinpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS Aurora + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS for Oracle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Redshift + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Rekognition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Route 53 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: SageMaker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Notification Service (SNS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Queue Service (SQS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Workflow Service (SWF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Step Functions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Timestream + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Translate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/translate/ + notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AMD + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: Currently, no AMD products have been identified as affected. AMD is continuing + its analysis. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Anaconda + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.10.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.conda.io/projects/conda/en/latest/index.html + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: ActiveMQ Artemis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://activemq.apache.org/news/cve-2021-44228 + notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 + is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). + Although this version of Log4j is not impacted by CVE-2021-44228 future versions + of Artemis will be updated so that the Log4j jar is no longer included in the + web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) + for more information on that task. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Airflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.2.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Camel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: Apache Camel does not directly depend on Log4j 2, so we are not affected + by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own + applications, make sure to upgrade.Apache Camel does use log4j during testing + itself, and therefore you can find that we have been using log4j v2.13.3 release + in our latest LTS releases Camel 3.7.6, 3.11.4. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel JBang + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.1.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Kafka Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Karaf + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Druid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 0.22.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/druid/releases/tag/druid-0.22.1 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Flink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.15.0 + - 1.14.2 + - 1.13.5 + - 1.12.7 + - 1.11.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://flink.apache.org/2021/12/10/log4j-cve.html + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. + references: + - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Fortress + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.14.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Guacamole + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: HBase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: James + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Jena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.11.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.17.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 18.12.03 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.2.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 8.9.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. + references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.5.28 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). + references: + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.7.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.0.0 and up + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. + Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache - product: CamelKafka Connector + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: APC by Schneider Electric + product: Powerchute Business Edition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Apereo + product: CAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.3.x + - 6.4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apereo.github.io/2021/12/11/log4j-vuln/ + notes: Other versions still in active maintainance might need manual inspection. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apereo + product: Opencast + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 9.10 + - < 10.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apigee + product: Edge and OPDK products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.apigee.com/incidents/3cgzb0q2r10p + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apollo + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.apollographql.com/t/log4j-vulnerability/2214 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appdynamics + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appeon + product: PowerBuilder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Appeon PowerBuilder 2017-2021 regardless of product edition + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: AppGate + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appian + product: Appian Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Application Performance Ltd + product: DBMarlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aptible + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Search 5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aqua Security + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arbiter Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arbiter.com/news/index.php?id=4403 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Arca Noae + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arcserve + product: Arcserve Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Continuous Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Email Archiving + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve UDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.5-8.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowProtect cves: cve-2021-4104: investigated: false @@ -2411,10 +7612,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowXafe + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2426,13 +7658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Druid + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Solo cves: cve-2021-4104: investigated: false @@ -2441,10 +7673,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: StorageCraft OneXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2456,13 +7718,42 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/druid/releases/tag/druid-0.22.1 + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: ArcticWolf + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://arcticwolf.com/resources/blog/log4j notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Flink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arduino + product: IDE cves: cve-2021-4104: investigated: false @@ -2473,10 +7764,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.14.2 - - 1.13.5 - - 1.12.7 - - 1.11.6 + - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2489,17 +7777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 + notes: '' references: - - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Kafka + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ariba + product: All cves: cve-2021-4104: investigated: false @@ -2507,11 +7791,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2523,14 +7806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Apache - product: Kafka + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for Converged Cloud Fabric cves: cve-2021-4104: investigated: false @@ -2540,7 +7822,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Unknown + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2554,13 +7836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -2570,7 +7852,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.15.0 + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2584,13 +7866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Solr + - vendor: Arista + product: CloudVision Portal cves: cve-2021-4104: investigated: false @@ -2599,10 +7881,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + affected_versions: + - '>2019.1.0' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -2615,13 +7896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' - - vendor: Apache - product: Struts 2 + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance cves: cve-2021-4104: investigated: false @@ -2629,9 +7910,39 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>8.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric + cves: + cve-2021-4104: investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true affected_versions: - - Versions before 2.5.28.1 + - '>5.3.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2645,16 +7956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Tomcat + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2662,11 +7970,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false - affected_versions: - - 9.0.x + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2678,21 +8016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -2702,13 +8032,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2720,13 +8046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2736,12 +8062,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2753,13 +8076,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Apereo - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches cves: cve-2021-4104: investigated: false @@ -2768,10 +8091,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2783,13 +8106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apereo - product: Opencast + - vendor: Aruba Networks + product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false @@ -2798,11 +8121,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2814,13 +8136,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apigee - product: '' + - vendor: Aruba Networks + product: Central cves: cve-2021-4104: investigated: false @@ -2828,10 +8150,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2843,13 +8166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.apigee.com/incidents/3cgzb0q2r10p + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apollo - product: '' + - vendor: Aruba Networks + product: Central On-Prem cves: cve-2021-4104: investigated: false @@ -2857,10 +8180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2872,13 +8196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.apollographql.com/t/log4j-vulnerability/2214 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appdynamics - product: '' + - vendor: Aruba Networks + product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2886,10 +8210,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2901,13 +8226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appeon - product: PowerBuilder + - vendor: Aruba Networks + product: EdgeConnect cves: cve-2021-4104: investigated: false @@ -2916,10 +8241,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Appeon PowerBuilder 2017-2021 regardless of product edition + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2930,13 +8255,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: AppGate - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false @@ -2944,10 +8270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2959,13 +8286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appian - product: Appian Platform + - vendor: Aruba Networks + product: HP ProCurve Switches cves: cve-2021-4104: investigated: false @@ -2975,9 +8302,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2989,13 +8316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant cves: cve-2021-4104: investigated: false @@ -3003,11 +8330,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3018,13 +8345,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points cves: cve-2021-4104: investigated: false @@ -3032,10 +8360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3047,13 +8376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On cves: cve-2021-4104: investigated: false @@ -3061,10 +8390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3076,13 +8406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -3091,9 +8421,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3106,13 +8436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aqua Security - product: '' + - vendor: Aruba Networks + product: Legacy GMS Products cves: cve-2021-4104: investigated: false @@ -3120,9 +8450,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3135,13 +8466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arbiter Systems - product: All + - vendor: Aruba Networks + product: Legacy NX cves: cve-2021-4104: investigated: false @@ -3149,10 +8480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3164,13 +8496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arbiter.com/news/index.php?id=4403 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: ARC Informatique - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -3181,7 +8513,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3193,13 +8526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Arca Noae - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -3207,10 +8540,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3222,13 +8556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arcserve - product: Arcserve Backup + - vendor: Aruba Networks + product: NetEdit cves: cve-2021-4104: investigated: false @@ -3240,7 +8574,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3252,13 +8586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Continuous Availability + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false @@ -3270,7 +8604,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3282,13 +8616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Email Archiving + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false @@ -3298,9 +8632,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3312,13 +8646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve UDP + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -3330,7 +8664,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.5-8.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3342,13 +8676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowProtect + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients cves: cve-2021-4104: investigated: false @@ -3360,7 +8694,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3372,13 +8706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ataccama + product: All cves: cve-2021-4104: investigated: false @@ -3386,11 +8720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3402,13 +8735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Solo + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atera + product: All cves: cve-2021-4104: investigated: false @@ -3416,11 +8749,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3432,13 +8764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: StorageCraft OneXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false @@ -3447,10 +8779,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On Prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3462,13 +8794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: ArcticWolf - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false @@ -3476,9 +8808,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -3491,13 +8824,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://arcticwolf.com/resources/blog/log4j - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product is not vulnerable to remote code execution but may leak information + due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arduino - product: '' + - vendor: Atlassian + product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false @@ -3505,8 +8839,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3520,13 +8855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ariba - product: '' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false @@ -3534,8 +8869,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3549,13 +8885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arista - product: '' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -3563,10 +8899,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3578,13 +8915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aruba Networks - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false @@ -3592,8 +8929,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3607,13 +8945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ataccama - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false @@ -3621,8 +8959,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3636,13 +8975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atera - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false @@ -3650,8 +8989,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3665,13 +9005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bamboo Server & Data Center + product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false @@ -3680,10 +9020,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v1.13.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3696,13 +9036,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bitbucket Server & Data Center + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -3711,10 +9050,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3727,13 +9066,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product is not vulnerable to remote code execution but may leak information - due to the bundled Elasticsearch component being vulnerable. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Confluence Server & Data Center + product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false @@ -3745,7 +9083,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3758,8 +9096,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3773,10 +9110,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3804,10 +9141,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3835,10 +9172,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3866,10 +9203,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3887,8 +9224,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -3949,7 +9286,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3978,7 +9315,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4013,8 +9350,102 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Automation Anywhere + product: Automation 360 Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 11.x + - <11.3x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automox - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4043,7 +9474,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4072,7 +9503,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4101,7 +9532,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4164,39 +9595,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -4228,7 +9627,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -4262,7 +9661,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -4273,7 +9672,10 @@ software: investigated: true affected_versions: - '8' + - 8.0.1 + - 8.0.2 - '8.1' + - 8.1.3 - 8.1.4 - 8.1.5 fixed_versions: [] @@ -4295,7 +9697,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -4305,9 +9707,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4322,12 +9722,15 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Media Server + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -4359,7 +9762,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -4398,7 +9801,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -4435,7 +9838,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -4466,7 +9869,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -4479,7 +9882,7 @@ software: - 3.11[P] - 3.8.1[P] - 3.8[P] - - 3.9.1 [P] + - 3.9.1[P] - 3.9[P] fixed_versions: [] unaffected_versions: [] @@ -4500,7 +9903,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -4658,7 +10061,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -4668,7 +10071,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4688,7 +10091,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -4698,7 +10101,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4760,8 +10163,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4936,7 +10340,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -4996,7 +10400,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -5062,7 +10466,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5091,7 +10495,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5099,10 +10503,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5115,12 +10520,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5148,8 +10553,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -5157,10 +10562,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5172,13 +10578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5207,7 +10613,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5236,7 +10642,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -16163,22 +21569,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16197,22 +21601,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16225,27 +21627,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16258,32 +21659,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -16292,27 +21692,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16325,31 +21724,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16362,27 +21762,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16395,27 +21794,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16434,22 +21832,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16462,30 +21858,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16504,22 +21896,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -16532,27 +21922,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 56c19b8..f15fbf7 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +29,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -43,10 +44,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +58,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -71,10 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86,13 +88,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -101,8 +104,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -116,13 +118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -130,8 +132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -146,12 +150,13 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -159,10 +164,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,8 +185,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -188,10 +194,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -203,7 +241,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -234,17 +272,17 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Acquia - product: '' + - vendor: Accruent + product: Analytics cves: cve-2021-4104: investigated: false @@ -252,9 +290,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -267,13 +306,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Acronis - product: '' + - vendor: Accruent + product: Asset Enterprise cves: cve-2021-4104: investigated: false @@ -281,10 +320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -296,13 +336,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-advisory.acronis.com/advisories/SEC-3859 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ActiveState - product: '' + - vendor: Accruent + product: BigCenter cves: cve-2021-4104: investigated: false @@ -310,9 +350,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -325,13 +366,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adaptec - product: '' + - vendor: Accruent + product: EMS cves: cve-2021-4104: investigated: false @@ -339,10 +380,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -354,13 +396,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Addigy - product: '' + - vendor: Accruent + product: Evoco cves: cve-2021-4104: investigated: false @@ -368,9 +410,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -383,13 +426,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adeptia - product: '' + - vendor: Accruent + product: Expesite cves: cve-2021-4104: investigated: false @@ -397,9 +440,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -412,13 +456,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Accruent + product: Famis 360 cves: cve-2021-4104: investigated: false @@ -426,9 +470,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -441,13 +486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ADP - product: '' + - vendor: Accruent + product: Lucernex cves: cve-2021-4104: investigated: false @@ -455,9 +500,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -470,16 +516,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Micro Devices (AMD) - product: All + - vendor: Accruent + product: Maintenance Connection cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -488,25 +534,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + - https://www.accruent.com/apache_log4j notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian cves: cve-2021-4104: investigated: false @@ -514,9 +560,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -529,14 +576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false @@ -544,10 +590,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -559,14 +606,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 cves: cve-2021-4104: investigated: false @@ -574,9 +620,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -589,14 +636,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 cves: cve-2021-4104: investigated: false @@ -604,9 +650,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -619,14 +666,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra cves: cve-2021-4104: investigated: false @@ -634,9 +680,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -649,13 +696,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + - vendor: Accruent + product: TMS cves: cve-2021-4104: investigated: false @@ -667,7 +714,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -679,13 +726,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANmobile + - vendor: Accruent + product: VxField cves: cve-2021-4104: investigated: false @@ -697,7 +744,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -709,13 +756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + - vendor: Accruent + product: VxMaintain cves: cve-2021-4104: investigated: false @@ -725,9 +772,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -739,13 +786,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + - vendor: Accruent + product: VxObserve cves: cve-2021-4104: investigated: false @@ -755,9 +802,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -769,13 +816,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANupdate + - vendor: Accruent + product: VxSustain cves: cve-2021-4104: investigated: false @@ -785,9 +832,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -799,13 +846,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Acquia + product: All cves: cve-2021-4104: investigated: false @@ -813,11 +860,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -829,13 +875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Acronis + product: Backup cves: cve-2021-4104: investigated: false @@ -843,10 +889,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '11.7' cve-2021-45046: investigated: false affected_versions: [] @@ -858,13 +905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Akamai - product: SIEM Splunk Connector + - vendor: Acronis + product: Cyber Backup cves: cve-2021-4104: investigated: false @@ -873,10 +920,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '12.5' cve-2021-45046: investigated: false affected_versions: [] @@ -888,13 +935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Alcatel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files cves: cve-2021-4104: investigated: false @@ -902,10 +949,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -917,13 +965,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dokuwiki.alu4u.com/doku.php?id=log4j + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alertus - product: '' + - vendor: Acronis + product: Cyber Infrastructure cves: cve-2021-4104: investigated: false @@ -931,10 +979,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '3.5' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -946,13 +996,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alexion - product: '' + - vendor: Acronis + product: Cyber Protect cves: cve-2021-4104: investigated: false @@ -960,10 +1010,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '15' cve-2021-45046: investigated: false affected_versions: [] @@ -975,13 +1026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alfresco - product: '' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -989,10 +1040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1004,13 +1056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AlienVault - product: '' + - vendor: Acronis + product: DeviceLock DLP cves: cve-2021-4104: investigated: false @@ -1018,10 +1070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '9.0' cve-2021-45046: investigated: false affected_versions: [] @@ -1033,13 +1086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alphatron Medical - product: '' + - vendor: Acronis + product: Files Connect cves: cve-2021-4104: investigated: false @@ -1047,10 +1100,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1062,13 +1116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Athena + - vendor: Acronis + product: MassTransit cves: cve-2021-4104: investigated: false @@ -1076,10 +1130,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8.1' + - '8.2' cve-2021-45046: investigated: false affected_versions: [] @@ -1091,13 +1147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS + - vendor: Acronis + product: Snap Deploy cves: cve-2021-4104: investigated: false @@ -1109,8 +1165,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -1122,16 +1178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: 'Notes- Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ActiveState + product: All cves: cve-2021-4104: investigated: false @@ -1139,10 +1192,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1155,13 +1207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Amazon - product: AWS CloudHSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' cves: cve-2021-4104: investigated: false @@ -1170,10 +1222,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1185,13 +1237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Connect + - vendor: Acunetix + product: Agents cves: cve-2021-4104: investigated: false @@ -1201,9 +1253,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1215,15 +1267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Amazon - product: AWS DynamoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application cves: cve-2021-4104: investigated: false @@ -1233,9 +1283,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1247,13 +1297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS EKS, ECS, Fargate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET cves: cve-2021-4104: investigated: false @@ -1262,10 +1312,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1277,19 +1327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS ElastiCache + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1299,9 +1343,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1313,13 +1357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1329,9 +1373,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1343,13 +1387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS Inspector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1360,7 +1404,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1373,13 +1417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS Kinesis Data Stream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adaptec + product: All cves: cve-2021-4104: investigated: false @@ -1387,9 +1431,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1403,17 +1446,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS Lambda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Addigy + product: All cves: cve-2021-4104: investigated: false @@ -1421,9 +1460,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1437,13 +1475,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Lambda + - vendor: Adeptia + product: Connect cves: cve-2021-4104: investigated: false @@ -1452,9 +1490,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1467,13 +1507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS RDS + - vendor: Adeptia + product: Suite cves: cve-2021-4104: investigated: false @@ -1484,7 +1524,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1497,14 +1539,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS S3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1513,9 +1554,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Unknown + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1528,13 +1569,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion cves: cve-2021-4104: investigated: false @@ -1545,7 +1586,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1558,15 +1599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SQS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1577,7 +1616,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1590,13 +1629,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: CloudFront + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false @@ -1604,8 +1643,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1619,13 +1659,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudWatch + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1633,9 +1673,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1648,13 +1689,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: EC2 + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false @@ -1664,9 +1705,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1678,13 +1719,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1692,9 +1733,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1707,13 +1749,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: KMS + - vendor: Adobe + product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false @@ -1721,10 +1763,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1736,13 +1779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: OpenSearch + - vendor: Adobe + product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false @@ -1751,10 +1794,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1766,13 +1809,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: RDS + - vendor: ADP + product: All cves: cve-2021-4104: investigated: false @@ -1795,42 +1838,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Route 53 + - vendor: Advanced Micro Devices (AMD) + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: S3 + last_updated: '2022-02-02T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -1838,10 +1882,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1853,13 +1898,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Translate + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -1867,10 +1913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1882,13 +1929,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/translate/ - notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: VPC + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -1896,10 +1944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1911,13 +1960,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AMD - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -1925,10 +1975,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1940,14 +1991,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing - its analysis. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Anaconda - product: Anaconda + last_updated: '2021-12-14T00:00:00' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -1959,7 +2010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -1971,13 +2022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.conda.io/projects/conda/en/latest/index.html + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: ActiveMQ Artemis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -1989,7 +2040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2001,18 +2052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://activemq.apache.org/news/cve-2021-44228 - notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 - is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). - Although this version of Log4j is not impacted by CVE-2021-44228 future versions - of Artemis will be updated so that the Log4j jar is no longer included in the - web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) - for more information on that task. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Airflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2020,10 +2066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2035,13 +2082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://afhcan.org/support.aspx + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Camel + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2050,11 +2097,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2066,17 +2112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: Apache Camel does not directly depend on Log4j 2, so we are not affected - by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own - applications, make sure to upgrade.Apache Camel does use log4j during testing - itself, and therefore you can find that we have been using log4j v2.13.3 release - in our latest LTS releases Camel 3.7.6, 3.11.4. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel 2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2084,10 +2126,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2099,13 +2142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel JBang + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2114,10 +2157,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.1.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2129,13 +2172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: All cves: cve-2021-4104: investigated: false @@ -2158,13 +2201,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Karaf + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2172,10 +2215,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2187,14 +2231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2202,10 +2245,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2217,13 +2261,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: CamelKafka Connector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD cves: cve-2021-4104: investigated: false @@ -2231,10 +2275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '2.0' cve-2021-45046: investigated: false affected_versions: [] @@ -2246,13 +2291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Druid + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All cves: cve-2021-4104: investigated: false @@ -2261,10 +2306,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2276,13 +2321,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/druid/releases/tag/druid-0.22.1 + - https://twitter.com/ail_project/status/1470373644279119875 notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Flink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Akamai + product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false @@ -2292,12 +2337,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - < 1.14.2 - - 1.13.5 - - 1.12.7 - - 1.11.6 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2309,17 +2351,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' references: - - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Kafka + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector cves: cve-2021-4104: investigated: false @@ -2329,9 +2367,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - <1.7.4 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2343,14 +2381,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Apache - product: Kafka + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector cves: cve-2021-4104: investigated: false @@ -2359,9 +2397,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 1.4.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2374,13 +2412,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j + last_updated: '2021-12-15T00:00:00' + - vendor: Alcatel + product: All cves: cve-2021-4104: investigated: false @@ -2388,9 +2427,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 2.15.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2404,13 +2442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html + - https://dokuwiki.alu4u.com/doku.php?id=log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Solr + - vendor: Alertus + product: Console cves: cve-2021-4104: investigated: false @@ -2421,8 +2459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + - 5.15.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2435,13 +2472,5137 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alexion + product: Alexion CRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alfresco + product: Alfresco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AlienVault + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 3.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS RDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL1) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lookout for Equipment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Managed Workflows for Apache Airflow (MWAA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MemoryDB for Redis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Monitron + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Neptune + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: NICE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: OpenSearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R20211203-P2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Update released, customers need to update their clusters to the fixed release. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Pinpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS Aurora + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS for Oracle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Redshift + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Rekognition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Route 53 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: SageMaker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Notification Service (SNS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Queue Service (SQS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Workflow Service (SWF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Step Functions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Timestream + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Translate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/translate/ + notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AMD + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: Currently, no AMD products have been identified as affected. AMD is continuing + its analysis. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Anaconda + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.10.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.conda.io/projects/conda/en/latest/index.html + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: ActiveMQ Artemis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://activemq.apache.org/news/cve-2021-44228 + notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 + is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). + Although this version of Log4j is not impacted by CVE-2021-44228 future versions + of Artemis will be updated so that the Log4j jar is no longer included in the + web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) + for more information on that task. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Airflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.2.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Camel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: Apache Camel does not directly depend on Log4j 2, so we are not affected + by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own + applications, make sure to upgrade.Apache Camel does use log4j during testing + itself, and therefore you can find that we have been using log4j v2.13.3 release + in our latest LTS releases Camel 3.7.6, 3.11.4. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel JBang + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.1.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Kafka Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Karaf + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Druid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 0.22.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/druid/releases/tag/druid-0.22.1 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Flink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.15.0 + - 1.14.2 + - 1.13.5 + - 1.12.7 + - 1.11.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://flink.apache.org/2021/12/10/log4j-cve.html + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. + references: + - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Fortress + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.14.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Guacamole + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: HBase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: James + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Jena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.11.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.17.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 18.12.03 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.2.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 8.9.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. + references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.5.28 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). + references: + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.7.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.0.0 and up + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. + Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: APC by Schneider Electric + product: Powerchute Business Edition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Apereo + product: CAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.3.x + - 6.4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apereo.github.io/2021/12/11/log4j-vuln/ + notes: Other versions still in active maintainance might need manual inspection. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apereo + product: Opencast + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 9.10 + - < 10.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apigee + product: Edge and OPDK products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.apigee.com/incidents/3cgzb0q2r10p + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apollo + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.apollographql.com/t/log4j-vulnerability/2214 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appdynamics + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appeon + product: PowerBuilder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Appeon PowerBuilder 2017-2021 regardless of product edition + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: AppGate + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appian + product: Appian Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Application Performance Ltd + product: DBMarlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aptible + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Search 5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aqua Security + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arbiter Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arbiter.com/news/index.php?id=4403 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Arca Noae + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arcserve + product: Arcserve Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Continuous Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Email Archiving + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve UDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.5-8.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowProtect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Solo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: StorageCraft OneXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: ArcticWolf + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://arcticwolf.com/resources/blog/log4j + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' - - vendor: Apache - product: Struts 2 + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arduino + product: IDE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.8.17 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ariba + product: All cves: cve-2021-4104: investigated: false @@ -2450,8 +7611,37 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true affected_versions: - - Versions before 2.5.28.1 + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2465,16 +7655,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Tomcat + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Portal cves: cve-2021-4104: investigated: false @@ -2482,9 +7699,39 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>2019.1.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance + cves: + cve-2021-4104: investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true affected_versions: - - 9.0.x + - '>8.8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2498,21 +7745,103 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>5.3.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: AirWave Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -2522,13 +7851,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2540,13 +7865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2556,12 +7881,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2573,13 +7895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Apereo - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches cves: cve-2021-4104: investigated: false @@ -2588,10 +7910,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2603,13 +7925,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apereo - product: Opencast + - vendor: Aruba Networks + product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false @@ -2618,11 +7940,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2634,13 +7955,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apigee - product: '' + - vendor: Aruba Networks + product: Central cves: cve-2021-4104: investigated: false @@ -2648,10 +7969,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2663,13 +7985,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.apigee.com/incidents/3cgzb0q2r10p + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apollo - product: '' + - vendor: Aruba Networks + product: Central On-Prem cves: cve-2021-4104: investigated: false @@ -2677,10 +7999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2692,13 +8015,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.apollographql.com/t/log4j-vulnerability/2214 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appdynamics - product: '' + - vendor: Aruba Networks + product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2706,10 +8029,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2721,13 +8045,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appeon - product: PowerBuilder + - vendor: Aruba Networks + product: EdgeConnect cves: cve-2021-4104: investigated: false @@ -2736,10 +8060,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Appeon PowerBuilder 2017-2021 regardless of product edition + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2750,13 +8074,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: AppGate - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false @@ -2764,10 +8089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2779,13 +8105,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appian - product: Appian Platform + - vendor: Aruba Networks + product: HP ProCurve Switches cves: cve-2021-4104: investigated: false @@ -2795,9 +8121,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2809,13 +8135,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant cves: cve-2021-4104: investigated: false @@ -2823,11 +8149,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2838,13 +8164,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points cves: cve-2021-4104: investigated: false @@ -2852,10 +8179,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2867,13 +8195,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On cves: cve-2021-4104: investigated: false @@ -2881,10 +8209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2896,13 +8225,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -2911,9 +8240,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2926,13 +8255,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aqua Security - product: '' + - vendor: Aruba Networks + product: Legacy GMS Products cves: cve-2021-4104: investigated: false @@ -2940,9 +8269,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2955,13 +8285,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arbiter Systems - product: All + - vendor: Aruba Networks + product: Legacy NX cves: cve-2021-4104: investigated: false @@ -2969,10 +8299,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2984,13 +8315,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arbiter.com/news/index.php?id=4403 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: ARC Informatique - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -3001,7 +8332,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3013,13 +8345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Arca Noae - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -3027,10 +8359,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3042,13 +8375,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arcserve - product: Arcserve Backup + - vendor: Aruba Networks + product: NetEdit cves: cve-2021-4104: investigated: false @@ -3060,7 +8393,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3072,13 +8405,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Continuous Availability + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false @@ -3090,7 +8423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3102,13 +8435,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Email Archiving + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false @@ -3118,9 +8451,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3132,13 +8465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve UDP + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -3150,7 +8483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.5-8.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3162,13 +8495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowProtect + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients cves: cve-2021-4104: investigated: false @@ -3180,7 +8513,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3192,13 +8525,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ataccama + product: All cves: cve-2021-4104: investigated: false @@ -3206,11 +8539,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3222,13 +8554,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Solo + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atera + product: All cves: cve-2021-4104: investigated: false @@ -3236,11 +8568,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3252,13 +8583,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: StorageCraft OneXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false @@ -3267,10 +8598,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + affected_versions: + - On Prem + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3282,13 +8613,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: ArcticWolf - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false @@ -3296,9 +8627,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -3311,13 +8643,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://arcticwolf.com/resources/blog/log4j - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product is not vulnerable to remote code execution but may leak information + due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arduino - product: '' + - vendor: Atlassian + product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false @@ -3325,8 +8658,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3340,13 +8674,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ariba - product: '' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false @@ -3354,8 +8688,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3369,13 +8704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arista - product: '' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -3383,10 +8718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3398,13 +8734,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aruba Networks - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false @@ -3412,8 +8748,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3427,13 +8764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ataccama - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false @@ -3441,8 +8778,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3456,13 +8794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atera - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false @@ -3470,8 +8808,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3485,13 +8824,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bamboo Server & Data Center + product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false @@ -3500,10 +8839,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v1.13.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3516,13 +8855,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bitbucket Server & Data Center + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -3531,10 +8869,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3547,13 +8885,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product is not vulnerable to remote code execution but may leak information - due to the bundled Elasticsearch component being vulnerable. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Confluence Server & Data Center + product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false @@ -3565,7 +8902,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3578,8 +8915,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3593,10 +8929,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3624,10 +8960,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3655,10 +8991,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3686,10 +9022,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3707,8 +9043,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -3769,7 +9105,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3798,7 +9134,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3833,8 +9169,39 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Automox - product: '' + - vendor: Automation Anywhere + product: Automation 360 Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise cves: cve-2021-4104: investigated: false @@ -3842,10 +9209,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 11.x + - <11.3x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3857,13 +9257,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 - notes: '' + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Autopsy - product: '' + - vendor: Automox + product: All cves: cve-2021-4104: investigated: false @@ -3886,13 +9287,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Auvik - product: '' + - vendor: Autopsy + product: All cves: cve-2021-4104: investigated: false @@ -3915,13 +9316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.auvik.com/incidents/58bfngkz69mj + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avantra SYSLINK - product: '' + - vendor: Auvik + product: All cves: cve-2021-4104: investigated: false @@ -3944,13 +9345,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability + - https://status.auvik.com/incidents/58bfngkz69mj notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avaya - product: Avaya Analytics + - vendor: Avantra SYSLINK + product: All cves: cve-2021-4104: investigated: false @@ -3958,13 +9359,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '3.5' - - '3.6' - - 3.6.1 - - '3.7' - - '4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3978,13 +9374,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private + product: Avaya Analytics cves: cve-2021-4104: investigated: false @@ -3992,8 +9388,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.5' + - '3.6' + - 3.6.1 + - '3.7' + - '4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4008,15 +9409,12 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -4048,7 +9446,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -4082,7 +9480,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -4093,7 +9491,10 @@ software: investigated: true affected_versions: - '8' + - 8.0.1 + - 8.0.2 - '8.1' + - 8.1.3 - 8.1.4 - 8.1.5 fixed_versions: [] @@ -4115,7 +9516,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -4125,9 +9526,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4142,12 +9541,15 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Media Server + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -4179,7 +9581,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -4218,7 +9620,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -4255,7 +9657,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -4286,7 +9688,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -4299,7 +9701,7 @@ software: - 3.11[P] - 3.8.1[P] - 3.8[P] - - 3.9.1 [P] + - 3.9.1[P] - 3.9[P] fixed_versions: [] unaffected_versions: [] @@ -4320,7 +9722,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -4478,7 +9880,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -4488,7 +9890,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4508,7 +9910,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -4518,7 +9920,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4580,8 +9982,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4756,7 +10159,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -4816,7 +10219,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -4882,7 +10285,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4911,7 +10314,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4919,10 +10322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4935,12 +10339,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4968,8 +10372,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -4977,10 +10381,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4992,13 +10397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5027,7 +10432,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5056,7 +10461,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ab59ef7..a17ca4c 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4588,22 +4588,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4622,22 +4620,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4650,27 +4646,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4683,32 +4678,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -4717,27 +4711,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4750,31 +4743,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4787,27 +4781,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4820,27 +4813,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4859,22 +4851,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4887,30 +4877,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4929,22 +4915,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4957,27 +4941,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00'