From 8ad35201ab4b3abda295d829b09f344d72fab06b Mon Sep 17 00:00:00 2001
From: mrshorten <96453763+mrshorten@users.noreply.github.com>
Date: Wed, 22 Dec 2021 11:26:56 -0900
Subject: [PATCH 1/8] Update SOFTWARE-LIST.md

Added AFHCAN Global LLC List of products. Lines 43-48
---
 SOFTWARE-LIST.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index 17daacc..b4e8ddc 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -40,6 +40,12 @@ This list was initially populated using information from the following sources:
 | Adobe ColdFusion | | | | | [Adobe ColdFusion Link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | |
 | ADP | | | | | [ADP Alert Link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | |
 | AFAS Software | | | | | [AFAS Software Link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | |
+| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
+| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
+| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
+| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
+| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
+| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
 | Agilysys | | | | | [Agilysys Link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | |
 | Advanced Systems Concepts (formally Jscape) | Active MFT | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |
 | Advanced Systems Concepts (formally Jscape) | MFT Server | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |

From b6faf2e7dbb776c5decde3cfb8593f94880fb7ca Mon Sep 17 00:00:00 2001
From: inl-ics <96266975+inl-ics@users.noreply.github.com>
Date: Wed, 22 Dec 2021 13:29:47 -0700
Subject: [PATCH 2/8] Update SOFTWARE-LIST.md

Added Arbiter Systems, AMD, Beijer Electronics, BioMerieux, Bosh, and Canary
---
 SOFTWARE-LIST.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index 17daacc..4e27eeb 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -69,6 +69,7 @@ This list was initially populated using information from the following sources:
 | Amazon | AWS Kinesis Data Stream | Unknown | Affected | Yes | [Update for Apache Log4j2 Issue (CVE-2021-44228)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | 12/14/2021 |
 | Amazon | OpenSearch | Unknown | Affected | Yes [(R20211203-P2)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
 | Apache | ActiveMQ Artemis | All | Not Affected | Yes | [ApacheMQ - Update on CVE-2021-4428](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | 12/21/2021 |
+| AMD | | | Not Affected | | [AMD Advisory Link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected.  AMD is continuing its analysis | | 12/22/2021 |
 | Apache | Camel | 3.14.1.3.11.5,3.7.7 | Affected | Yes | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)| Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | 12/13/2021 |
 | Apache | Camel Quarkus | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
 | Apache | Camel K | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
@@ -98,6 +99,7 @@ This list was initially populated using information from the following sources:
 | APC by Schneider Electric | Powerchute Business Edition | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | No | [https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | 12/15/2021 |
 | APC by Schneider Electric | Powerchute Network Shutdown | 4.2, 4.3, 4.4, 4.4.1 | Fixed | No | [https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | 12/15/2021 |
 | Aqua Security | | | | | [Aqua Security Google Doc](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | |
+| Arbiter Systems | All| | Not Affected | | [Arbiter Systems Advisory Link](https://www.arbiter.com/news/index.php?id=4403) | | | 12/22/2021 |
 | Arca Noae | | | | | [Arca Noae Link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | |
 | Arcserve | Arcserve Backup | All | Not Affected | No | [https://support.storagecraft.com/s/article/Log4J-Update](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 12/14/2021 |
 | Arcserve | Arcserve Continuous Availability | All | Not Affected | No | [https://support.storagecraft.com/s/article/Log4J-Update](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 12/14/2021 |
@@ -191,6 +193,16 @@ This list was initially populated using information from the following sources:
 | BD | BD Synapsys™ Informatics Solution | | Not Affected | No | [BD Advisory Link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | 12/20/2021 |
 | BD | BD Veritor™ COVID At Home Solution Cloud | | Not Affected | No | [BD Advisory Link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | 12/20/2021 |
 | Beckman Coulter | | | Under Investigation | | [Beckman Coulter Advisory Link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | 12/20/2021 |
+| Beijer Electronics | acirro+ | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | BFI frequency inverters | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | BSD servo drives | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | CloudVPN | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | FnIO-G and M Distributed IO | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | iX Developer | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | Nexto modular PLC | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | Nexto Xpress compact controller | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| Beijer Electronics | WARP Engineering Studio | | Not Affected | | [Beijer Electronics Advisory Link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | 12/22/2021 |
+| BioMerieux | | | Under Investigation | | [BioMerieux Advisory Link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | 12/22/2021 |
 | Bender | | | | | [Bender Link](https://www.bender.de/en/cert) | | | |
 | Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | | [Vendor Link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | |
 | BeyondTrust | Privilege Management Cloud | Unkown | Fixed | Yes | [Security Advisory – Apache Log4j2 CVE 2021-44228 (Log4Shell)](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | 2021-12-17 |
@@ -243,6 +255,7 @@ This list was initially populated using information from the following sources:
 | BMC | TrueSight Operations Management | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
 | BMC | TrueSight Orchestration | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
 | Boston Scientific | | |Under Investigation | |[Boston Scientific Advisory Link](https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf) | | | 12/20/2021 |
+| Bosch | | | Affected | No | [Bosch Advisory Link](https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/) | | | 12/22/2021 |
 | Box | | | | | [Box Blog Post](https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228) | | | |
 | Brainworks | | | | | [Brainworks Link](https://www.brainworks.de/log4j-exploit-kerio-connect-workaround/) | | | |
 | BrightSign | | | | | [BrightSign Link](https://brightsign.atlassian.net/wiki/spaces/DOC/pages/370679198/Security+Statement+Log4J+Meltdown+and+Spectre+Vulnerabilities#SecurityStatement%3ALog4J%2CMeltdownandSpectreVulnerabilities-JavaApacheLog4j) | | | |
@@ -301,6 +314,8 @@ This list was initially populated using information from the following sources:
 | Broadcom | WebPulse | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
 | C4b XPHONE | | | | | [C4b XPHONE Link](https://www.c4b.com/de/news/log4j.php) | | | |
 | Camunda | | | | | [Camunda Forum Link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | |
+| Canary | All | | Not Affected | | [Canary Advisory Link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | 12/22/2021 |
+| COPA-DATA | 
 | CarbonBlack | | | | | [CarbonBlack Advisory](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | |
 | Carestream | | | Not Affected | |[Carestream Advisory Link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | 12/20/2021 |
 | CAS genesisWorld | | | | | [CAS genesisWorld Link](https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446) | | | |

From 0fd2760ed50828000f7fd02a72e8b0d23256fe6b Mon Sep 17 00:00:00 2001
From: inl-ics <96266975+inl-ics@users.noreply.github.com>
Date: Wed, 22 Dec 2021 13:32:11 -0700
Subject: [PATCH 3/8] Update SOFTWARE-LIST.md

---
 SOFTWARE-LIST.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index 4e27eeb..6a3d70c 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -314,7 +314,7 @@ This list was initially populated using information from the following sources:
 | Broadcom | WebPulse | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
 | C4b XPHONE | | | | | [C4b XPHONE Link](https://www.c4b.com/de/news/log4j.php) | | | |
 | Camunda | | | | | [Camunda Forum Link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | |
-| Canary | All | | Not Affected | | [Canary Advisory Link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | 12/22/2021 |
+| Canary Labs | All | | Not Affected | | [Canary Advisory Link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | 12/22/2021 |
 | COPA-DATA | 
 | CarbonBlack | | | | | [CarbonBlack Advisory](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | |
 | Carestream | | | Not Affected | |[Carestream Advisory Link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | 12/20/2021 |

From 57dc71af479c6f172310f0b8518c968e96e9b3d7 Mon Sep 17 00:00:00 2001
From: inl-ics <96266975+inl-ics@users.noreply.github.com>
Date: Wed, 22 Dec 2021 13:34:15 -0700
Subject: [PATCH 4/8] Update SOFTWARE-LIST.md

---
 SOFTWARE-LIST.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index 6a3d70c..c053877 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -314,8 +314,7 @@ This list was initially populated using information from the following sources:
 | Broadcom | WebPulse | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
 | C4b XPHONE | | | | | [C4b XPHONE Link](https://www.c4b.com/de/news/log4j.php) | | | |
 | Camunda | | | | | [Camunda Forum Link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | |
-| Canary Labs | All | | Not Affected | | [Canary Advisory Link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | 12/22/2021 |
-| COPA-DATA | 
+| Canary Labs | All | | Not Affected | | [Canary Labs Advisory Link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | 12/22/2021 |
 | CarbonBlack | | | | | [CarbonBlack Advisory](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | |
 | Carestream | | | Not Affected | |[Carestream Advisory Link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | 12/20/2021 |
 | CAS genesisWorld | | | | | [CAS genesisWorld Link](https://helpdesk.cas.de/CASHelpdesk/FAQDetails.aspx?gguid=0x79F9E881EE3C46C1A71BE9EB3E480446) | | | |

From 8bed4d89ae55752b42e35c00e76ac7b7688ce4ac Mon Sep 17 00:00:00 2001
From: justmurphy <96064251+justmurphy@users.noreply.github.com>
Date: Wed, 22 Dec 2021 16:12:50 -0500
Subject: [PATCH 5/8] Add formatting fixes

---
 SOFTWARE-LIST.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index c053877..bd17872 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -69,7 +69,7 @@ This list was initially populated using information from the following sources:
 | Amazon | AWS Kinesis Data Stream | Unknown | Affected | Yes | [Update for Apache Log4j2 Issue (CVE-2021-44228)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | 12/14/2021 |
 | Amazon | OpenSearch | Unknown | Affected | Yes [(R20211203-P2)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
 | Apache | ActiveMQ Artemis | All | Not Affected | Yes | [ApacheMQ - Update on CVE-2021-4428](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | 12/21/2021 |
-| AMD | | | Not Affected | | [AMD Advisory Link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected.  AMD is continuing its analysis | | 12/22/2021 |
+| AMD | All | | Not Affected | | [AMD Advisory Link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected.  AMD is continuing its analysis. | | 12/22/2021 |
 | Apache | Camel | 3.14.1.3.11.5,3.7.7 | Affected | Yes | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)| Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | 12/13/2021 |
 | Apache | Camel Quarkus | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
 | Apache | Camel K | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
@@ -99,7 +99,7 @@ This list was initially populated using information from the following sources:
 | APC by Schneider Electric | Powerchute Business Edition | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | No | [https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | 12/15/2021 |
 | APC by Schneider Electric | Powerchute Network Shutdown | 4.2, 4.3, 4.4, 4.4.1 | Fixed | No | [https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | 12/15/2021 |
 | Aqua Security | | | | | [Aqua Security Google Doc](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | |
-| Arbiter Systems | All| | Not Affected | | [Arbiter Systems Advisory Link](https://www.arbiter.com/news/index.php?id=4403) | | | 12/22/2021 |
+| Arbiter Systems | All | | Not Affected | | [Arbiter Systems Advisory Link](https://www.arbiter.com/news/index.php?id=4403) | | | 12/22/2021 |
 | Arca Noae | | | | | [Arca Noae Link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | |
 | Arcserve | Arcserve Backup | All | Not Affected | No | [https://support.storagecraft.com/s/article/Log4J-Update](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 12/14/2021 |
 | Arcserve | Arcserve Continuous Availability | All | Not Affected | No | [https://support.storagecraft.com/s/article/Log4J-Update](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | 12/14/2021 |

From 35676dd9894c168b522655d2d10218729be6aa12 Mon Sep 17 00:00:00 2001
From: justmurphy <96064251+justmurphy@users.noreply.github.com>
Date: Wed, 22 Dec 2021 16:20:14 -0500
Subject: [PATCH 6/8] Remove extra pipe and trailing whitespace

---
 SOFTWARE-LIST.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index cc5ce51..f87c2cd 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -40,12 +40,12 @@ This list was initially populated using information from the following sources:
 | Adobe ColdFusion | | | | | [Adobe ColdFusion Link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | |
 | ADP | | | | | [ADP Alert Link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | |
 | AFAS Software | | | | | [AFAS Software Link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | |
-| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
-| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
-| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
-| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
-| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
-| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not Affected | | | | | | | 
+| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not Affected | | | | | |
+| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not Affected | | | | | |
+| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not Affected | | | | | |
+| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not Affected | | | | | |
+| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not Affected | | | | | |
+| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not Affected | | | | | |
 | Agilysys | | | | | [Agilysys Link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | |
 | Advanced Systems Concepts (formally Jscape) | Active MFT | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |
 | Advanced Systems Concepts (formally Jscape) | MFT Server | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |

From e89f75f58caa9d5542f164fa578caf8b0606cef1 Mon Sep 17 00:00:00 2001
From: justmurphy <96064251+justmurphy@users.noreply.github.com>
Date: Wed, 22 Dec 2021 16:27:41 -0500
Subject: [PATCH 7/8] Add AFHCAN website link

---
 SOFTWARE-LIST.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index f87c2cd..d338b2e 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -40,12 +40,12 @@ This list was initially populated using information from the following sources:
 | Adobe ColdFusion | | | | | [Adobe ColdFusion Link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | |
 | ADP | | | | | [ADP Alert Link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | |
 | AFAS Software | | | | | [AFAS Software Link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | |
-| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not Affected | | | | | |
-| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not Affected | | | | | |
-| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not Affected | | | | | |
-| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not Affected | | | | | |
-| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not Affected | | | | | |
-| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not Affected | | | | | |
+| AFHCAN Global LLC | AFHCANsuite | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANServer | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANcart | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANweb | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANmobile | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
+| AFHCAN Global LLC | AFHCANupdate | 8.0.7 - 8.4.3 | Not Affected | | [https://afhcan.org/support.aspx](https://afhcan.org/support.aspx) | | | |
 | Agilysys | | | | | [Agilysys Link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | |
 | Advanced Systems Concepts (formally Jscape) | Active MFT | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |
 | Advanced Systems Concepts (formally Jscape) | MFT Server | | Not Affected | No | [Log4J Vulnerabilty](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | 12/14/2021 |

From de8dc2b91bbb3e54d993b4931e37db0cb8f547e3 Mon Sep 17 00:00:00 2001
From: Lcerkov <96153185+Lcerkov@users.noreply.github.com>
Date: Wed, 22 Dec 2021 16:57:50 -0500
Subject: [PATCH 8/8] update autodesk issue #270

---
 SOFTWARE-LIST.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md
index d338b2e..d7d4dfc 100644
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@@ -131,7 +131,7 @@ This list was initially populated using information from the following sources:
 | Atlassian | Jira Server & Data Center | All | Not Affected | | [Multiple Products Security Advisory - Log4j Vulnerable To Remote Code Execution - CVE-2021-44228](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html)| This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | |
 | Attivo networks | | | | | [Attivo Networks Advisory](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | |
 | AudioCodes | | | | | [AudioCodes Link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | |
-| Autodesk | | | | | [Autodesk Article Link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | | | |
+| Autodesk | | | Under Investigation | | [Autodesk Article Link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | 12/21/2021 |
 | Automox | | | | | [Automox Blog Post](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | |
 | Autopsy | | | | | [Autopsy Link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | |
 | Auvik | | | | | [Auvik Status Link](https://status.auvik.com/incidents/58bfngkz69mj) | | | |