@ -77,7 +77,6 @@ This list was initially populated using information from the following sources:
| Atlassian | Crowd Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
| Atlassian | Fisheye | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
| Atlassian | Crucible | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | | | |
| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | Affected | No | | | |12/15/2021|
| ElasticSearch | all products | | Not Affected | | | | | |
| FedEx | Ship Manager Software | Unknown | Affected/Under Investigation | | [FedEx Statement](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4)|Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.||12/15/2021|
| F-Secure | Endpoint Proxy | 13-15 | Affected | Yes | [F-Secure services Status - 0-day exploit found in the Java logging package log4j2](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | |
| F-Secure | Policy Manager | 13-15 | Affected | Yes | [F-Secure services Status - 0-day exploit found in the Java logging package log4j2](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | |
| F-Secure| Policy Manager Proxy | 13-15 | Affected | Yes | [F-Secure services Status - 0-day exploit found in the Java logging package log4j2](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | |
@ -395,9 +393,70 @@ This list was initially populated using information from the following sources:
| Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
| IBM | IBM Cognos Controller | 10.4.2 | Fixed | Yes | [IBM Support](https://www.ibm.com/support/pages/node/6526468)| | | 12-15-21 |
| IBM | IBM Cloud Object Storage Systems | Long Term Support Release – 3.16.0.47 and Prior 3.16.0 Releases | Fixed | Yes | [IBM PSIRT](https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-affect-ibm-cloud-object-storage-systems-clevos-cve-2021-44228/)| | | 12-15-21 |
| IBM | IBM Cloud Object Storage Systems | Active Release – 3.16.1.39 and Prior 3.16.1 Releases | Fixed | Yes | [IBM PSIRT](https://www.ibm.com/blogs/psirt/security-bulletin-apache-log4j-vulnerabilities-affect-ibm-cloud-object-storage-systems-clevos-cve-2021-44228/)| | | 12-15-21 |
| IBM | IBM Cloud Transformation Advisor | 2.5.0 | Fixed | Yes | [IBM Support](https://www.ibm.com/support/pages/node/6526212)| | | 12-15-21 |
| IBM | IBM Spectrum Protect Client web user interface | 8.1.7.0-8.1.13.0 (Linux and Windows) | Fixed | Yes | [IBM Support](https://www.ibm.com/support/pages/node/6527080)| | | 12-15-21 |
| IBM | IBM Spectrum Protect Client web user interface | 8.1.9.0-8.1.13.0 (AIX) | Fixed | Yes| [IBM Support](https://www.ibm.com/support/pages/node/6527080)| | | 12-15-21 |
| IBM | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 8.1.0.0-8.1.13.0 | Fixed | Yes | [IBM Support](https://www.ibm.com/support/pages/node/6527080) | see Note 1 | | 12-15-21 |
| IBM | IBM Spectrum Protect for Virtual Environments: Data Protection for VMware | 7.1.0.0-7.1.8.12 | Fixed | Yes | [IBM Support](https://www.ibm.com/support/pages/node/6527080)| | | 12-15-21 |
| IBM | IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V | 8.1.4.0-8.1.13.0 | Fixed | Yes | [IBM Support](https://www.ibm.com/support/pages/node/6527080)| see Note 1 | | 12-15-21 |
| Palo-Alto | Panorama | 9.0, 9.1, 10.0 | Affected | Yes | [Unit42 Palo-Alto Apache Log4j Vulnerability](https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available | 12/15/2021 |