mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-22 08:30:48 +00:00
Merge branch 'develop' into improvement/add-readme-template
This commit is contained in:
commit
6947784c5e
2 changed files with 11 additions and 9 deletions
|
@ -3,9 +3,10 @@
|
||||||
This repository provides
|
This repository provides
|
||||||
[CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance)
|
[CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance)
|
||||||
and an overview of related software regarding the Log4j vulnerability
|
and an overview of related software regarding the Log4j vulnerability
|
||||||
(CVE-2021-44228). CISA encourages users and administrators to review the
|
(CVE-2021-44228). CISA urges users and administrators to upgrade to Log4j 2.17.1
|
||||||
[official Apache release](https://logging.apache.org/log4j/2.x/security.html)
|
(Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the
|
||||||
and upgrade to Log4j 2.17.1 or apply the recommended mitigations immediately.
|
[Apache Log4j Security Vulnerabilities webpage](https://logging.apache.org/log4j/2.x/security.html)
|
||||||
|
for updates and mitigation guidance.
|
||||||
|
|
||||||
The information in this repository is provided "as is" for informational
|
The information in this repository is provided "as is" for informational
|
||||||
purposes only and is being assembled and updated by CISA through
|
purposes only and is being assembled and updated by CISA through
|
||||||
|
@ -34,7 +35,7 @@ or imply their endorsement, recommendation, or favoring by CISA.
|
||||||
|
|
||||||
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
||||||
|
|
||||||
## Mitigation Guidance ##
|
## CISA Mitigation Guidance ##
|
||||||
|
|
||||||
When updates are available, agencies must update software
|
When updates are available, agencies must update software
|
||||||
using Log4j to the newest version, which is the most
|
using Log4j to the newest version, which is the most
|
||||||
|
|
|
@ -359,7 +359,7 @@ This list was initially populated using information from the following sources:
|
||||||
| Check Point | CloudGuard | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
| Check Point | CloudGuard | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
||||||
| Check Point | Harmony Endpoint & Harmony Mobile | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
| Check Point | Harmony Endpoint & Harmony Mobile | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
||||||
| Check Point | Infinity Portal | | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
| Check Point | Infinity Portal | | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
||||||
| Check Point | Quantum Security Gateway | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | |
|
| Check Point | Quantum Security Gateway | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
||||||
| Check Point | Quantum Security Management | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | Where used, uses the 1.8.0\_u241 version of the JRE that protects against this attack by default. | | |
|
| Check Point | Quantum Security Management | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | Where used, uses the 1.8.0\_u241 version of the JRE that protects against this attack by default. | | |
|
||||||
| Check Point | SMB | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
| Check Point | SMB | All | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
||||||
| Check Point | ThreatCloud | | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
| Check Point | ThreatCloud | | Not Affected | | [sk176865](https://supportcontent.checkpoint.com/solutions?id=sk176865) | | | |
|
||||||
|
@ -1206,7 +1206,7 @@ This list was initially populated using information from the following sources:
|
||||||
| Google Cloud | Cloud Natural Language API | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/21/2021 |
|
| Google Cloud | Cloud Natural Language API | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/21/2021 |
|
||||||
| Google Cloud | Cloud Profiler | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/21/2021 |
|
| Google Cloud | Cloud Profiler | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/21/2021 |
|
||||||
| Google Cloud | Cloud Router | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/20/2021 |
|
| Google Cloud | Cloud Router | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/20/2021 |
|
||||||
| Google Cloud | Cloud Run | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | 12/21/2021 |
|
| Google Cloud | Cloud Run | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | 12/21/2021 |
|
||||||
| Google Cloud | Cloud Run for Anthos | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | 12/21/2021 |
|
| Google Cloud | Cloud Run for Anthos | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | 12/21/2021 |
|
||||||
| Google Cloud | Cloud SDK | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/21/2021 |
|
| Google Cloud | Cloud SDK | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/21/2021 |
|
||||||
| Google Cloud | Cloud SQL | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/19/2021 |
|
| Google Cloud | Cloud SQL | | Not Affected | | [https://cloud.google.com/log4j2-security-advisory](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | 12/19/2021 |
|
||||||
|
@ -1897,7 +1897,7 @@ This list was initially populated using information from the following sources:
|
||||||
| MailStore | | | | | [MailStore Statement](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | |
|
| MailStore | | | | | [MailStore Statement](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | |
|
||||||
| Maltego | | | | | [Maltego Response to Logj4](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | |
|
| Maltego | | | | | [Maltego Response to Logj4](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | |
|
||||||
| ManageEngine | Servicedesk Plus | 11305 and below | Affected | | [Manage Engine Advisory](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | 12/15/2021 |
|
| ManageEngine | Servicedesk Plus | 11305 and below | Affected | | [Manage Engine Advisory](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | 12/15/2021 |
|
||||||
| ManageEngine | AD SelfService Plus | Build 6.1 build 6114 | Not Affected | | | | 12/27/21 |
|
| ManageEngine | AD SelfService Plus | Build 6.1 build 6114 | Not Affected | | | | | 12/27/21 |
|
||||||
| ManageEngine Zoho | | | | | [Manage Engine Link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | |
|
| ManageEngine Zoho | | | | | [Manage Engine Link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | |
|
||||||
| ManageEngine Zoho | ADManager Plus | On-Prem | | | [ManageEngine Vulnerability Impact](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | |12/16/2021|
|
| ManageEngine Zoho | ADManager Plus | On-Prem | | | [ManageEngine Vulnerability Impact](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | |12/16/2021|
|
||||||
| ManageEngine Zoho | ADAudit Plus | On-Prem | | | [ManageEngine Vulnerability Impact](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | |12/16/2021|
|
| ManageEngine Zoho | ADAudit Plus | On-Prem | | | [ManageEngine Vulnerability Impact](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | |12/16/2021|
|
||||||
|
@ -2012,8 +2012,7 @@ This list was initially populated using information from the following sources:
|
||||||
| Nulab | Typetalk | N/A (SaaS) | Fixed | | [Nulab Blog Post](https://nulab.com/blog/company-news/log4shell/) | | | |
|
| Nulab | Typetalk | N/A (SaaS) | Fixed | | [Nulab Blog Post](https://nulab.com/blog/company-news/log4shell/) | | | |
|
||||||
| Nutanix | AHV | All | Not Affected | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/20/2021 |
|
| Nutanix | AHV | All | Not Affected | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/20/2021 |
|
||||||
| Nutanix | AOS | LTS (including Prism Element), Community Edition | Not Affected | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/20/2021 |
|
| Nutanix | AOS | LTS (including Prism Element), Community Edition | Not Affected | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/20/2021 |
|
||||||
| Nutanix | AOS | STS (including Prism Element) | Fixed | Yes | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patched in 6.0.2.4, available on the Portal for
|
| Nutanix | AOS | STS (including Prism Element) | Fixed | Yes | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Patched in 6.0.2.4, available on the Portal for download. | | 12/20/2021 |
|
||||||
download | | 12/20/2021 |
|
|
||||||
| Nutanix | Beam | | Fixed | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | 12/20/2021 |
|
| Nutanix | Beam | | Fixed | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | 12/20/2021 |
|
||||||
| Nutanix | BeamGov | | Fixed | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | 12/20/2021 |
|
| Nutanix | BeamGov | | Fixed | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | 12/20/2021 |
|
||||||
| Nutanix | Calm | All | Not Affected | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/20/2021 |
|
| Nutanix | Calm | All | Not Affected | | [Nutanix Security Advisory](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | 12/20/2021 |
|
||||||
|
@ -2069,6 +2068,8 @@ download | | 12/20/2021 |
|
||||||
| OpenSearch | | | | | [OpenSearch Discussion Link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | |
|
| OpenSearch | | | | | [OpenSearch Discussion Link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | |
|
||||||
| OpenText | | | | | [OpenText Log4J Remote Code Execution](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | 12/23/2021 |
|
| OpenText | | | | | [OpenText Log4J Remote Code Execution](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | 12/23/2021 |
|
||||||
| Oracle | | | Affected | | [Oracle Security Alert](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) [My Oracle Support Document](https://support.oracle.com/rs?type=doc&id=2827611.1) | The support document is available to customers only and has not been reviewed by CISA | | 12/17/2021 |
|
| Oracle | | | Affected | | [Oracle Security Alert](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) [My Oracle Support Document](https://support.oracle.com/rs?type=doc&id=2827611.1) | The support document is available to customers only and has not been reviewed by CISA | | 12/17/2021 |
|
||||||
|
| Oracle | Exadata | <21.3.4 | Affected | | [https://www.oracle.com/security-alerts/alert-cve-2021-44228.html](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 |
|
||||||
|
| Oracle | Enterprise Manager | 13.5 ,13.4 & 13.3.2 | Affected | | [https://www.oracle.com/security-alerts/alert-cve-2021-44228.html](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | 12/17/2021 |
|
||||||
| Orgavision | | | | | [Orgavision Link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | |
|
| Orgavision | | | | | [Orgavision Link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | |
|
||||||
| Osirium | PAM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | |
|
| Osirium | PAM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | |
|
||||||
| Osirium | PEM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | |
|
| Osirium | PEM | | Not Affected | | [Osirium statement](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | |
|
||||||
|
|
Loading…
Reference in a new issue