1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-25 18:00:48 +00:00

Merge branch 'develop' into patch-1

This commit is contained in:
iainDe 2022-01-06 17:32:31 -05:00 committed by GitHub
commit 61f2be6c1e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -574,7 +574,7 @@ This list was initially populated using information from the following sources:
| ConnectWise | | | | | [ConnectWise Advisory Link](https://www.connectwise.com/company/trust/advisories) | | | | | ConnectWise | | | | | [ConnectWise Advisory Link](https://www.connectwise.com/company/trust/advisories) | | | |
| ContrastSecurity | | | | | [ContrastSecurity Article](https://support.contrastsecurity.com/hc/en-us/articles/4412612486548) | | | | | ContrastSecurity | | | | | [ContrastSecurity Article](https://support.contrastsecurity.com/hc/en-us/articles/4412612486548) | | | |
| ControlUp | | | | | [ControlUp Link](https://status.controlup.com/incidents/qqyvh7b1dz8k) | | | | | ControlUp | | | | | [ControlUp Link](https://status.controlup.com/incidents/qqyvh7b1dz8k) | | | |
| COPADATA | | | | | [COPADATA Support Services](https://www.copadata.com/en/support-services/knowledge-base-faq/pare-products-in-the-zenon-product-family-affect-4921/) | | | | | COPADATA | All | | Not Affected | | [COPADATA Advisory Link](https://www.copadata.com/fileadmin/user_upload/faq/files/InformationReport_CVE_2021_44228.pdf) | | | 01/06/2022 |
| CouchBase | | | | | [CouchBase Forums](https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402) | | | | | CouchBase | | | | | [CouchBase Forums](https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402) | | | |
| CPanel | | | | | [CPanel Forms](https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/) | | | | | CPanel | | | | | [CPanel Forms](https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/) | | | |
| Cradlepoint | | | | | [Cradlepoint](https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/) | | | | | Cradlepoint | | | | | [Cradlepoint](https://cradlepoint.com/vulnerability-alerts/cve-2021-44228-apache-log4j-security-vulnerabilities/) | | | |
@ -584,6 +584,25 @@ This list was initially populated using information from the following sources:
| CyberArk | Privileged Threat Analytics (PTA) | N/A | Fixed | Yes | [CyberArk Customer Force](https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228) | | This advisory is available to customers only and has not been reviewed by CISA. | 12/14/2021 | | CyberArk | Privileged Threat Analytics (PTA) | N/A | Fixed | Yes | [CyberArk Customer Force](https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228) | | This advisory is available to customers only and has not been reviewed by CISA. | 12/14/2021 |
| Cybereason | | | | | [Cybereason Blog Post](https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228) | | | | | Cybereason | | | | | [Cybereason Blog Post](https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228) | | | |
| CyberRes | | | | | [CyberRes Community Link](https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228) | | | | | CyberRes | | | | | [CyberRes Community Link](https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228) | | | |
| Daktronics | All Sport Pro | | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Data Vision Software (DVS) | | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | DVS has one microservice that uses Log4j, but it uses a version that is not impacted. | | 01/06/2022 |
| Daktronics | Dakronics Web Player | DWP-1000 | Under Investigation | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | 01/06/2022 |
| Daktronics | Dakronics Media Player | DMP (any series)| Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Dynamic Messaging System (DMS) | | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Dynamic Messaging System - DMS Core Player | P10 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Dynamic Messaging System - DMS Player hardware | AMP-R200, AMP-R400, AMP-R800, AMP-SM100, AMP-SE100, AMP-SM200, AMP-SM400 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Dynamic Messaging System - DMS Web Player | | Under Investigation | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | 01/06/2022 |
| Daktronics | IBoot - Dataprobe IBoot Devices | A-3257,3256,2270,2269,1978 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Outdoor Smartlink Devices | A-3189335,3128, 3416, 3418,3707,3708,3709 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Routers - Cisco Meraki Z3/Z3c Routers | A-4036028 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Routers - Cisco Z1 Routers | A-3665 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Routers - Sierra Wireless RV50x/RV50 | A-3350704 | Under Investigation | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Show Control System (SCS) | | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Vanguard | | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Venus 1500 | | Under Investigation | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Venus Control Suite (VCS) | | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Video Image Processors | VIP-5060/VIP-5160/VIP-4060 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| Daktronics | Webcam - Mobotix | A-2242, A-3127,A-3719 | Not Affected | | [Daktronics Advisory Link](https://www.daktronics.com/en-us/support/kb/000025337) | | | 01/06/2022 |
| DarkTrace | | | | | [DarkTrace Customer Portal](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | | | | | DarkTrace | | | | | [DarkTrace Customer Portal](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | | | |
| Dassault Systèmes | | | | | [Dassault Systemes Link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | | | | | Dassault Systèmes | | | | | [Dassault Systemes Link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | | | |
| Databricks | | | | | [Databricks Google Doc](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | | | Databricks | | | | | [Databricks Google Doc](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | |
@ -886,6 +905,7 @@ This list was initially populated using information from the following sources:
| Digi International | Remote Hub Config Utility | | Not Affected | | [Digi International Advisory Link](https://www.digi.com/resources/security) | | | 12/21/2021 | | Digi International | Remote Hub Config Utility | | Not Affected | | [Digi International Advisory Link](https://www.digi.com/resources/security) | | | 12/21/2021 |
| Digicert | | | | | [Digicert Link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | | | Digicert | | | | | [Digicert Link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | |
| Digital AI | | | | | [Digital AI Article](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | | | Digital AI | | | | | [Digital AI Article](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | |
| Digital Alert Systems | All | | Not Affected | | [Digital Alert Systems](https://www.digitalalertsystems.com/default-2.htm) | Formerly Monroe Electronics, Inc. | | 01/05/2022 |
| DNSFilter | | | | | [DNSFilter Blog Post](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | | | DNSFilter | | | | | [DNSFilter Blog Post](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | |
| Docker | | | | | [Docker Blog Post](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | | | | | Docker | | | | | [Docker Blog Post](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | | | |
| Docusign | | | | | [Docusign Alert](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | | | Docusign | | | | | [Docusign Alert](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | |
@ -903,6 +923,7 @@ This list was initially populated using information from the following sources:
| Eaton | Undisclosed | Undisclosed | Affected | | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | | | Eaton | Undisclosed | Undisclosed | Affected | | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | |
| EclecticIQ | | | | | [EclecticIQ Advisory](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | | | EclecticIQ | | | | | [EclecticIQ Advisory](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | |
| Eclipse Foundation | | | | | [Eclipse Foundation Wiki](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | | | Eclipse Foundation | | | | | [Eclipse Foundation Wiki](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | |
| Edwards | | | Not Affected | | [Edwards Adviory Link](https://www.edwards.com/devices/support/product-security) | | | 01/06/2022 |
| EFI | | | | | [EFI Link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | | | EFI | | | | | [EFI Link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | |
| EGroupware | | | | | [EGroupware Link](https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430) | | | | | EGroupware | | | | | [EGroupware Link](https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430) | | | |
| Elastic | APM Java Agent | | Under Investigation | | [Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/15/2021 | | Elastic | APM Java Agent | | Under Investigation | | [Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | 12/15/2021 |
@ -1346,6 +1367,11 @@ This list was initially populated using information from the following sources:
| Hitachi Energy | UNEM | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 | | Hitachi Energy | UNEM | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 |
| Hitachi Energy | UNEM | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. | | 01/05/2022 | | Hitachi Energy | UNEM | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. | | 01/05/2022 |
| Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | | | Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | |
| HMS Industrial Networks AB | Talk2M including M2Web | | Fixed | Yes | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | Cosy, Flexy and Ewon CD | | Not Affected | | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | eCatcher Windows software| | Fixed | Yes | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | eCatcher Mobile applications | | Not Affected | | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| HMS Industrial Networks AB | Netbiter Hardware including EC, WS, and LC | | Not Affected | | [HMS Advisory Link](https://www.hms-networks.com/docs/librariesprovider6/cybersecurity/hms-security-advisory-2021-12-13-001---ewon-information-log4shell.pdf?sfvrsn=55d7f4d7_11) | | | 01/05/2022 |
| Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | | | Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | |
| HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 | | HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
| HP | Teradici EMSDK | < 1.0.6 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 | | HP | Teradici EMSDK | < 1.0.6 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
@ -1743,6 +1769,7 @@ This list was initially populated using information from the following sources:
| Ivanti | | | | | [Ivanti Statement](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | | | Ivanti | | | | | [Ivanti Statement](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | |
| Jamasoftware | | | | | [Jamasoftware Statement](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | | | Jamasoftware | | | | | [Jamasoftware Statement](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | |
| Jamf | Jamf Pro | 10.31.0 10.34.0 | Affected | Yes | [Mitigating the Apache Log4j 2 Vulnerability](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | | | Jamf | Jamf Pro | 10.31.0 10.34.0 | Affected | Yes | [Mitigating the Apache Log4j 2 Vulnerability](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | |
| Janitza | GridVis | 8.0.82 | Not Affected | | [Janitza Advisory Link](https://www.janitza.com/us/gridvis-download.html) | | | 01/05/2022 |
| Jaspersoft | | | | | [Jaspersoft Statement](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | | | Jaspersoft | | | | | [Jaspersoft Statement](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | |
| Jedox | | | | | [Jedox Statement](https://www.jedox.com/en/trust/) | | | | | Jedox | | | | | [Jedox Statement](https://www.jedox.com/en/trust/) | | | |
| Jenkins | CI/CD Core | | Not Affected | | | | | | | Jenkins | CI/CD Core | | Not Affected | | | | | |
@ -1966,6 +1993,7 @@ This list was initially populated using information from the following sources:
| McAfee | Web Gateway (MWG) | | Foxed | | [https://kc.mcafee.com/agent/index?page=content&id=SB10377](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | | | 12/20/2021 | | McAfee | Web Gateway (MWG) | | Foxed | | [https://kc.mcafee.com/agent/index?page=content&id=SB10377](https://kc.mcafee.com/agent/index?page=content&id=SB10377) | | | 12/20/2021 |
| Medtronic | | | Under Investigation | | [Medtronic Advisory Link](https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html) | | | 12/21/2021 | | Medtronic | | | Under Investigation | | [Medtronic Advisory Link](https://global.medtronic.com/xg-en/product-security/security-bulletins/log4j-vulnerabilities.html) | | | 12/21/2021 |
| MEINBERG | | | | | [MEINBERG Information](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | | | MEINBERG | | | | | [MEINBERG Information](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | |
| MEINBERG | LANTIME and microSync | | Not Affected | | [Meinberg Advisory Link](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | 01/05/2022 |
| Meltano | Meltano | | Not affected | | [Meltano](https://github.com/meltano/meltano) | Project is written in Python | | | | Meltano | Meltano | | Not affected | | [Meltano](https://github.com/meltano/meltano) | Project is written in Python | | |
| Memurai | | | | | [Memurai Information](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | | | Memurai | | | | | [Memurai Information](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | |
| MicroFocus | | | | | [MicroFocus Statement](https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228) | | | | | MicroFocus | | | | | [MicroFocus Statement](https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228) | | | |
@ -1986,6 +2014,8 @@ This list was initially populated using information from the following sources:
| Mirantis | | | | | [Mirantis Statement](https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md) | | | | | Mirantis | | | | | [Mirantis Statement](https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md) | | | |
| Miro | | | | | [Miro Log4j Updates](https://miro.com/trust/updates/log4j/) | | | | | Miro | | | | | [Miro Log4j Updates](https://miro.com/trust/updates/log4j/) | | | |
| Mitel | | | | | [Mitel Statement](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | | | Mitel | | | | | [Mitel Statement](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | |
| MMM Group | Control software of all MMM series | | Not Affected | | [MMM Group Advisory Link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | 01/05/2022 |
| MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | Affected | | [MMM Group Advisory Link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | 01/05/2022 |
| MobileIron | Core | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 | | MobileIron | Core | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
| MobileIron | Core Connector | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 | | MobileIron | Core Connector | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
| MobileIron | Reporting Database (RDB) | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 | | MobileIron | Reporting Database (RDB) | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
@ -2008,6 +2038,7 @@ This list was initially populated using information from the following sources:
| N-able | | | | | [N-able Statement](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | | | N-able | | | | | [N-able Statement](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | |
| Nagios | | | | | [Nagios Statement](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | | | Nagios | | | | | [Nagios Statement](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | |
| NAKIVO | | | | | [NAKIVO Statement](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | | | NAKIVO | | | | | [NAKIVO Statement](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | |
| National Instruments | OptimalPlus | | Affected | | [National Instruments Advisory Link](https://www.ni.com/en-us/support/documentation/supplemental/21/ni-response-to-apache-log4j-vulnerability-.html) | (Limited to deployments running Veritas, Cloudera, or Logstash) Contact Technical Support | | 01/05/2022 |
| Neo4j | Neo4j Graph Database| Version >4.2, <4..2.12 | Affected | No | | | | 12/13/2021| | Neo4j | Neo4j Graph Database| Version >4.2, <4..2.12 | Affected | No | | | | 12/13/2021|
| Netapp | Multiple NetApp products | | Affected | | [https://security.netapp.com/advisory/ntap-20211210-0007/](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | | | Netapp | Multiple NetApp products | | Affected | | [https://security.netapp.com/advisory/ntap-20211210-0007/](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | |
| Netcup | | | | | [Netcup Statement](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | | | Netcup | | | | | [Netcup Statement](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | |
@ -2429,13 +2460,17 @@ This list was initially populated using information from the following sources:
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | | Siemens Healthineers | X.Ceed Somaris 10 VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | | Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | | | Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | |
| Sierra Wireless | AM/AMM servers | | Affected | No | [Sierra Wireless Advisory Link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | 01/05/2022 |
| Sierra Wireless | AirVantage and Octave cloud platforms | | Affected | No | [Sierra Wireless Advisory Link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) |These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | 01/05/2022 |
| Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | | | Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | |
| Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 | | Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 |
| SingleWire | | | | | [SingleWire Support Link](https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228) |This advisory is available to customers only and has not been reviewed by CISA | | | | SingleWire | | | | | [SingleWire Support Link](https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228) |This advisory is available to customers only and has not been reviewed by CISA | | |
| SISCO | | | Not Affected | | [SISCO Advisory Link](https://sisconet.com/sisco-news/log4j/) | | | 01/05/2022 |
| Sitecore | | | | | [Sitecore Support Link](https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391) | | | | | Sitecore | | | | | [Sitecore Support Link](https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391) | | | |
| Skillable | | | | | [Skillable Link](https://skillable.com/log4shell/) | | | | | Skillable | | | | | [Skillable Link](https://skillable.com/log4shell/) | | | |
| SLF4J | | | | | [SLF4J Link](http://slf4j.org/log4shell.html) | | | | | SLF4J | | | | | [SLF4J Link](http://slf4j.org/log4shell.html) | | | |
| Slurm | Slurm | 20.11.8 | Not Affected | | [https://slurm.schedmd.com/documentation.html](https://slurm.schedmd.com/documentation.html) | | | 12/21/2021 | | Slurm | Slurm | 20.11.8 | Not Affected | | [https://slurm.schedmd.com/documentation.html](https://slurm.schedmd.com/documentation.html) | | | 12/21/2021 |
| SMA Solar Technology AG | | | Affected | No | [SMA Advisory Link](https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540) | | | 01/05/2022 |
| SmartBear | | | | | [SmartBear Link](https://smartbear.com/security/cve-2021-44228/) | | | | | SmartBear | | | | | [SmartBear Link](https://smartbear.com/security/cve-2021-44228/) | | | |
| SmileCDR | | | | | [SmileCDR Blog Post](https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228) | | | | | SmileCDR | | | | | [SmileCDR Blog Post](https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228) | | | |
| Snakemake | Snakemake | 6.12.1 | Not Affected | | [https://snakemake.readthedocs.io/en/stable/](https://snakemake.readthedocs.io/en/stable/) | | | 12/21/2021 | | Snakemake | Snakemake | 6.12.1 | Not Affected | | [https://snakemake.readthedocs.io/en/stable/](https://snakemake.readthedocs.io/en/stable/) | | | 12/21/2021 |
@ -2481,6 +2516,25 @@ This list was initially populated using information from the following sources:
| Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | No | [Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | | 12/12/2021 | | Sophos | Sophos Mobile EAS Proxy | < 9.7.2 | Affected | No | [Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers will need to download and install version 9.7.2, available from Monday December 13, 2021, on the same machine where it is currently running. PowerShell mode is not affected. Customers can download the Standalone EAS Proxy Installer version 9.7.2 from the Sophos website. | | 12/12/2021 |
| Sophos | Sophos ZTNA | | Not Affected | | [Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | Sophos ZTNA does not use Log4j. | | 12/12/2021 | | Sophos | Sophos ZTNA | | Not Affected | | [Advisory: Log4J zero-day vulnerability AKA Log4Shell (CVE-2021-44228) Sophos](https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce) | Sophos ZTNA does not use Log4j. | | 12/12/2021 |
| SOS Berlin | | | | | [SOS Berlin Link](https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability) | | | | | SOS Berlin | | | | | [SOS Berlin Link](https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability) | | | |
| Spacelabs Healthcare | XprezzNet | 96190 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Intesys Clinical Suite (ICS) Clinical Access Workstations | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Xhibit Telemetry Receiver (XTR) | 96280 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Xhibit, XC4 | Xhibit 96102, XC4 96501 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Xprezzon | 91393 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Qube | 91390 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Qube Mini | 91389 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Ultraview SL | 91367, 91369, 91370, and 91387 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | DM3 and DM4 Monitors | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Sentinel | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Pathfinder SL | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Lifescreen Pro | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | EVO | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Eclipse Pro | | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | CardioExpress | SL6A, SL12A, and SL18A | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | ABP | OnTrak, 90217A, and 90207 | Not Affected | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | Spacelabs Cloud | | Under Investigation | | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | | | 01/05/2022 |
| Spacelabs Healthcare | SafeNSound | 4.3.1 | Fixed | Yes | [Spacelabs Advisory Link](https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/) | Version >4.3.1 - Not Affected | | 01/05/2022 |
| Spambrella | | | | | [Spambrella FAQ Link](https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/) | | | | | Spambrella | | | | | [Spambrella FAQ Link](https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/) | | | |
| Spigot | | | | | [Spigot Security Release](https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/) | | | | | Spigot | | | | | [Spigot Security Release](https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/) | | | |
| Splunk | Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) | 5.2.0 and older | Affected | CVE-2021-44228: 5.2.1 CVE-2021-45046: 5.2.2 CVE-2021-45105: not applicable due to configuration parameters | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046)](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 8:20 am PT, 12/30/21 | | Splunk | Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) | 5.2.0 and older | Affected | CVE-2021-44228: 5.2.1 CVE-2021-45046: 5.2.2 CVE-2021-45105: not applicable due to configuration parameters | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-2021-45046)](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 8:20 am PT, 12/30/21 |