1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-24 09:30:46 +00:00

Merge branch 'develop' into update-B

This commit is contained in:
justmurphy 2022-02-15 16:55:21 -05:00 committed by GitHub
commit 561a6a538f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 12280 additions and 1326 deletions

View file

@ -29,107 +29,246 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | AlarmInsight Cloud | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | B&R Products | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | Remote Service | | | Fixed | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ABB | B&R Products | See Vendor Advisory | | Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Abbott | All | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Details are shared with customers with an active RAP subscription. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Abbott | | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Abbott | GLP Track System | Track Sample Manager (TSM), Track Workflow Manager (TWM) | | Affected | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Abbott will provide a fix for this in a future update expected in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Abnormal Security | Abnormal Security | | | Unknown | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Abnormal Security | All | | | Not Affected | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accellence | | | | Unknown | [link](https://www.accellence.de/en/articles/national-vulnerability-database-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accellence Technologies | EBÜS | | All | Fixed | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | Accellence Technologies | Vimacc | | | Not Affected | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acquia | | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Acronis | | | | Unknown | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | Analytics | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ActiveState | | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | Asset Enterprise | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adaptec | | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | BigCenter | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Addigy | | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | EMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | Evoco | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | Expesite | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Accruent | Famis 360 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | Lucernex | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | Maintenance Connection | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | Meridian | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | Single Sign On (SSO, Central Auth) | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | SiteFM3 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | SiteFM4 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | Siterra | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | TMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | VxField | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | VxMaintain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | VxObserve | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Accruent | VxSustain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acquia | All | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Cyber Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Cyber Files | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Cyber Infrastructure | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Cyber Protect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Cyber Protection Home Office | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | DeviceLock DLP | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Files Connect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | MassTransit | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acronis | Snap Deploy | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ActiveState | All | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | 360 | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | Agents | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | Application | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | IAST - ASP.NET | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | IAST - NodeJS | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | IAST - PHP | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Acunetix | IAST-Java | | All | Fixed | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | AcuSensor IAST module needs attention. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adaptec | All | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Addigy | All | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adeptia | Connect | | 3.3, 3.4, 3.5 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adeptia | Suite | | 6.9.9, 6.9.10, 6.9.11 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Automated Forms Conversion Service | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | ColdFusion | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager 6.3 Forms on JEE | | All versions from 6.3 GA to 6.3.3 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager 6.4 Forms Designer | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager 6.4 Forms on JEE | | All versions from 6.4 GA to 6.4.8 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager 6.5 Forms Designer | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager 6.5 Forms on JEE | | All versions from 6.5 GA to 6.5.11 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager Forms on OSGi | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Adobe | Experience Manager Forms Workbench | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| ADP | All | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 |
| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | Active MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT Server | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| AFAS Software | | | | Unknown | [link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AFHCAN Global LLC | AFHCANcart | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANcart | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AFHCAN Global LLC | AFHCANmobile | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANmobile | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AFHCAN Global LLC | AFHCANServer | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANServer | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AFHCAN Global LLC | AFHCANsuite | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANsuite | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AFHCAN Global LLC | AFHCANupdate | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANupdate | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AFHCAN Global LLC | AFHCANweb | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANweb | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Agilysys | | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Agilysys | All | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Akamai | SIEM Splunk Connector | All | | Affected | [link](https://splunkbase.splunk.com/app/4310/) | v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Ahsay | Mobile | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Alcatel | | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ahsay | Other products | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Alertus | | | | Unknown | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ahsay | PRD | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Alexion | | | | Unknown | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AIL | All | | | Not Affected | [link](https://twitter.com/ail_project/status/1470373644279119875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Alfresco | | | | Unknown | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Akamai | Enterprise Application Access (EAA) Connector | | | Not Affected | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| AlienVault | | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Akamai | SIEM Integration Connector | | <1.7.4 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Alphatron Medical | | | | Unknown | [link](https://www.alphatronmedical.com/home.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Akamai | SIEM Splunk Connector | | < 1.4.10 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | Athena | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Alcatel | All | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS | | | Not Affected | | Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Alertus | Console | | 5.15.0 | Fixed | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS API Gateway | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Alexion | Alexion CRM | | | Not Affected | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS CloudHSM | < 3.4.1. | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Alfresco | Alfresco | | | Not Affected | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS Connect | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | AlienVault | All | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS DynamoDB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Alphatron Medical | AmiSconnect | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS EKS, ECS, Fargate | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | Alphatron Medical | Custo Diagnostics | 5.4, 5.6 | | Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS ElastiCache | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Alphatron Medical | JiveX | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS ELB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | Alphatron Medical | Zorgbericht | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS Inspector | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Amazon | AMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS Kinesis Data Stream | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Amazon | API Gateway | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | Athena | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | Athena JDBC Driver | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | All versions vended to customers were not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | AWS RDS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Amazon | AWS | | | Not Affected | | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | AWS S3 | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Amazon | AWS AppFlow | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | AWS SNS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNSs systems that serve customer traffic | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Amazon | AWS AppSync | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | AWS SQS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Amazon | AWS Certificate Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | CloudFront | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS Certificate Manager Private CA | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | CloudWatch | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS CloudHSM | | < 3.4.1 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | EC2 | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Amazon | AWS CodeBuild | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | ELB | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS CodePipeline | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | KMS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS Connect | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
| Amazon | OpenSearch | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS Directory Service | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
| Amazon | RDS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS DynamoDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Amazon | Route 53 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS ECS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Amazon | S3 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS EKS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Amazon | Translate | | | Unknown | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS Elastic Beanstalk | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Default configuration of applications usage of Log4j versions is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Amazon | VPC | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Amazon | AWS ElastiCache | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| AMD | All | | | Unknown | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Amazon | AWS ELB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Anaconda | Anaconda | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Amazon | AWS Fargate | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Amazon | AWS Glue | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Amazon | AWS Greengrass | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Amazon | AWS Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Amazon | AWS IoT SiteWise Edge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Amazon | AWS Kinesis Data Streams | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Amazon | AWS KMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS Lambda | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Vulnerable when using aws-lambda-java-log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS Polly | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS QuickSight | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | AWS RDS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
| Amazon | AWS S3 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Amazon | AWS SDK | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Amazon | AWS Secrets Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Amazon | AWS Service Catalog | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
| Amazon | AWS SNS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Amazon | AWS SQS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | AWS Systems Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | AWS Systems Manager Agent | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | AWS Textract | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | Chime | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Cloud Directory | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | CloudFront | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | CloudWatch | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Cognito | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Corretto | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | DocumentDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | EC2 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | ECR Public | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | Elastic Load Balancing | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Amazon | EMR | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | EventBridge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Fraud Detector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Inspector Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Kafka (MSK) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Kendra | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Keyspaces (for Apache Cassandra) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Kinesis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Kinesis Data Analytics | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Lake Formation | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Lex | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Linux (AL1) | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Linux (AL2) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Lookout for Equipment | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Macie | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Macie Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Managed Workflows for Apache Airflow (MWAA) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | MemoryDB for Redis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Monitron | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | MQ | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Neptune | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | NICE | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Recommended to update EnginFrame or Log4j library. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | OpenSearch | | R20211203-P2 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Update released, customers need to update their clusters to the fixed release. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Pinpoint | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | RDS Aurora | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | RDS for Oracle | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Redshift | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Rekognition | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Route 53 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | SageMaker | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Simple Notification Service (SNS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Simple Queue Service (SQS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Simple Workflow Service (SWF) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Single Sign-On | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Step Functions | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Timestream | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | Translate | | | Not Affected | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | VPC | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Amazon | WorkSpaces/AppStream 2.0 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AMD | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Anaconda | All | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| AOMEI | All | | | Not Affected | [link](https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Apache | Airflow | | | Unknown | [link](https://github.com/apache/airflow/tree/main/airflow) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apache | Airflow | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Camel | 3.14.1.3.11.5, 3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Archiva | | 2.2.6 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.2.6. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Camel 2 | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Camel 2 | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Camel K | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel K | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Camel Karaf | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel Kafka Connector | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Camel Quarkus | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel Karaf | | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | CamelKafka Connector | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel Quarkus | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Druid | < druid 0.22.0 | | Affected | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Apache | Cassandra | | | Not Affected | [link](https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 |
| Apache | Flink | | < 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Apache | Druid | | 0.22.1 | Fixed | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Apache | Dubbo | | All | Fixed | [link](https://github.com/apache/dubbo/issues/9380) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Apache | Kafka | Unknown | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Only vulnerable in certain configuration(s) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apache | Flink | | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
| Apache | Log4j | < 2.15.0 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apache | Fortress | | < 2.0.7 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.0.7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Solr | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | Apache | Geode | | 1.14.0 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.12.6, 1.13.5, 1.14.1. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Struts 2 | Versions before 2.5.28.1 | | Affected | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | Guacamole | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Tomcat | 9.0.x | | Affected | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | Hadoop | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | HBase | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Hive | | 4.x | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | James | 3.6.0 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Jena | | < 4.3.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | JMeter | All | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | JSPWiki | | 2.11.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | Uses Log4j 1.2.17. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Apache | Log4j 1.x | | | Not Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Log4j 2.x | 2.17.1 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Maven | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | NiFi | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | OFBiz | | < 18.12.03 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Ozone | | < 1.2.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | SkyWalking | | < 8.9.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | SOLR | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| Apache | Spark | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Uses log4j 1.x | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Struts | 2.5.28 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Struts 2 | | Versions before 2.5.28.1 | Fixed | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Apache | Tapestry | 5.7.3 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Tika | 2.0.0 and up | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | Tomcat | | | Unknown | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Apache | TrafficControl | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apache | ZooKeeper | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Apereo | CAS | 6.3.x & 6.4.x | | Affected | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apereo | CAS | | 6.3.x, 6.4.x | Fixed | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | Other versions still in active maintainance might need manual inspection. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apereo | Opencast | < 9.10, < 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apereo | Opencast | | < 9.10, < 10.6 | Fixed | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apigee | | | | Unknown | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apigee | Edge and OPDK products | | | Not Affected | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Apollo | | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Apollo | All | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Appdynamics | | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Appdynamics | All | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | [link](https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| AppGate | | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AppGate | All | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Appian | Appian Platform | | All | Fixed | [link](https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Appian | Appian Platform | | All | Fixed | [link](https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| Application Performance Ltd | DBMarlin | Not Affected | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| Application Performance Ltd | DBMarlin | | | Unknown | [link](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Application Performance Ltd | DBMarlin | | | Unknown | [link](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
| APPSHEET | | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | APPSHEET | All | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aptible | All | | Search 5.x | Fixed | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aqua Security | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Arbiter Systems | All | | | Not Affected | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
| ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
| Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arca Noae | All | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Arcserve | Arcserve Email Archiving | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Email Archiving | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
@ -138,64 +277,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Arcserve | ShadowXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | ShadowXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Arcserve | Solo | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Solo | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Arcserve | StorageCraft OneXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | StorageCraft OneXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| ArcticWolf | | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ArcticWolf | All | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Arduino | | | | Unknown | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arduino | IDE | | 1.8.17 | Fixed | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ariba | | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ariba | All | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Arista | | | | Unknown | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arista | Analytics Node for Converged Cloud Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | | | | Unknown | [link](https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arista | Analytics Node for DANZ Monitoring Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Monitoring Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ataccama | | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arista | CloudVision Portal | >2019.1.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atera | | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arista | CloudVision Wi-Fi, virtual or physical appliance | >8.8 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Bamboo Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arista | Embedded Analytics for Converged Cloud Fabric | >5.3.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Bitbucket Server & Data Center | All | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | AirWave Management Platform | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | Analytics and Location Engine | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Crowd Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | ArubaOS SD-WAN Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Crucible | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | ArubaOS-CX Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | ArubaOS-S Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Aruba Networks | Central | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Central On-Prem | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | ClearPass Policy Manager | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | EdgeConnect | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Fabric Composer (AFC) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | HP ProCurve Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Instant | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Instant Access Points | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Instant On | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | IntroSpect | | Versions 2.5.0.0 to 2.5.0.6 | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Legacy GMS Products | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Legacy NX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Legacy VRX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Legacy VX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | NetEdit | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Plexxi Composable Fabric Manager (CFM) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | Silver Peak Orchestrator | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | User Experience Insight (UXI) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Aruba Networks | VIA Clients | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Ataccama | All | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atera | All | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Bamboo Server & Data Center | On Prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Bitbucket Server & Data Center | | On prem | Fixed | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS WorkBench | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS-CAT Pro Dashboard | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Confluence-CIS-Hosted CSAT | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Crowd Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Crucible | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Fisheye | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atlassian | Jira Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Attivo Networks | All | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 |
| AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AudioCodes | All | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Autodesk | All | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Automation Anywhere | Automation 360 Cloud | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Autopsy | | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Automation Anywhere | Automation 360 On Premise | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Auvik | | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Automation Anywhere | Automation Anywhere | | 11.x, <11.3x | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Avantra SYSLINK | | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Automox | All | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Autopsy | All | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Auvik | All | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Avantra SYSLINK | All | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura for OneCloud Private | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Device Services | 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura for OneCloud Private | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Aura Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Breeze | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya OneCloud-Private-UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Social Media Hub | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Social Media Hub | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Equinox™ Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Equinox Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Interaction Center | 7.3.9 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Interaction Center | 7.3.9 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | IP Office Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
| AVEPOINT | | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AVEPOINT | All | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AVM | | | | Unknown | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AVM | All | | | Not Affected | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | devices, firmware, software incl. MyFritz Service. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AvTech RoomAlert | | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AvTech RoomAlert | All | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AWS New | | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AXIS | OS | | | Not Affected | [link](https://help.axis.com/axis-os) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AXON | | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AXON | All | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| AXS Guard | | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AXS Guard | All | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Axways Applications | | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Axways Applications | All | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
| BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -568,18 +745,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to
| Cisco | duo network gateway (on-prem/self-hosted) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | duo network gateway (on-prem/self-hosted) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Cisco | Exony Virtualized Interaction Manager (VIM) | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Exony Virtualized Interaction Manager (VIM) | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Cloud Connector | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Cloud Connector | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Connector Appliance for Cloud Services | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Connector Appliance for Cloud Services | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Content Collaboration (ShareFile Integration) Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Content Collaboration (ShareFile Integration)Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | For CVE-2021-44228 and CVE-2021-45046: ImpactedCustomers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | 10.14 RP2, 10.13 RP5, 10.12 RP10 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Hypervisor (XenServer) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Hypervisor (XenServer) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix License Server | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix License Server | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for additional mitigations. For CVE-2021-45105: Investigation has shown that Linux VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: Linux VDA LTSR all versions; All other CVAD components. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | Linux Virtual Delivery Agent 2112 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Citrix | ShareFile Storage Zones Controller | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Citrix | ShareFile Storage Zones Controller | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
| Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
| Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -4588,22 +4588,20 @@ software:
unaffected_versions: unaffected_versions:
- All Platforms - All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4622,22 +4620,20 @@ software:
unaffected_versions: unaffected_versions:
- All Platforms - All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4650,27 +4646,26 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4683,32 +4678,31 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
- vendor: Citrix - vendor: Citrix
product: Citrix Content Collaboration (ShareFile Integration) Citrix Files for product: Citrix Content Collaboration (ShareFile Integration)Citrix Files for
Windows, Citrix Files for Mac, Citrix Files for Outlook Windows, Citrix Files for Mac, Citrix Files for Outlook
cves: cves:
cve-2021-4104: cve-2021-4104:
@ -4717,27 +4711,26 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4750,31 +4743,32 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- 10.14 RP2
- 10.13 RP5
- 10.12 RP10
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- 10.14 RP2
- 10.13 RP5
- 10.12 RP10
unaffected_versions: [] unaffected_versions: []
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- 10.14 RP3
- 10.13 RP6
- 10.12 RP11
unaffected_versions: [] unaffected_versions: []
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: 'For CVE-2021-44228 and CVE-2021-45046: ImpactedCustomers are advised notes: ''
to apply the latest CEM rolling patch updates listed below as soon as possible
to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763);
[XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753);
and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785).
Note: Customers who have upgraded their XenMobile Server to the updated versions
are recommended not to apply the responder policy mentioned in the blog listed
below to the Citrix ADC vserver in front of the XenMobile Server as it may impact
the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.'
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4787,27 +4781,26 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4820,27 +4813,26 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4859,22 +4851,20 @@ software:
unaffected_versions: unaffected_versions:
- All Platforms - All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4887,30 +4877,26 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- Linux Virtual Delivery Agent 2112
unaffected_versions: [] unaffected_versions: []
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions:
- Linux Virtual Delivery Agent 2112
unaffected_versions: [] unaffected_versions: []
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: notes: ''
Customers are advised to apply the latest update as soon as possible to reduce
the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html).
See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for
additional mitigations. For CVE-2021-45105: Investigation has shown that Linux
VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30,
released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED:
Linux VDA LTSR all versions; All other CVAD components.'
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4929,22 +4915,20 @@ software:
unaffected_versions: unaffected_versions:
- All Platforms - All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'
@ -4957,27 +4941,26 @@ software:
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions: []
cve-2021-44228: cve-2021-44228:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45046: cve-2021-45046:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
cve-2021-45105: cve-2021-45105:
investigated: false investigated: true
affected_versions: [] affected_versions: []
fixed_versions: [] fixed_versions: []
unaffected_versions: [] unaffected_versions:
- All Platforms
vendor_links: vendor_links:
- https://support.citrix.com/article/CTX335705 - https://support.citrix.com/article/CTX335705
notes: Citrix continues to investigate any potential impact on Citrix-managed notes: ''
cloud services. If, as the investigation continues, any Citrix-managed services
are found to be affected by this issue, Citrix will take immediate action to
remediate the problem. Customers using Citrix-managed cloud services do not
need to take any action.
references: references:
- '' - ''
last_updated: '2021-12-21T00:00:00' last_updated: '2021-12-21T00:00:00'