mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-23 00:50:48 +00:00
Merge branch 'develop' into patch-1
This commit is contained in:
commit
b9b2e4f6e2
1 changed files with 298 additions and 51 deletions
303
README.md
303
README.md
|
@ -4,7 +4,7 @@ This repository provides CISA's guidance and an overview of related software
|
||||||
regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and
|
regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and
|
||||||
administrators to review the
|
administrators to review the
|
||||||
[official Apache release](https://logging.apache.org/log4j/2.x/security.html)
|
[official Apache release](https://logging.apache.org/log4j/2.x/security.html)
|
||||||
and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
|
and upgrade to Log4j 2.16.0 or apply the recommended mitigations immediately.
|
||||||
|
|
||||||
## Official CISA Guidance & Resources ##
|
## Official CISA Guidance & Resources ##
|
||||||
|
|
||||||
|
@ -13,19 +13,8 @@ and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
|
||||||
|
|
||||||
## CISA Current Activity Alerts ##
|
## CISA Current Activity Alerts ##
|
||||||
|
|
||||||
- [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
|
|
||||||
- [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228)
|
- [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228)
|
||||||
|
|
||||||
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
|
||||||
|
|
||||||
CISA will maintain a list of all publicly available information and
|
|
||||||
vendor-supplied advisories regarding the Log4j vulnerability. This list is not
|
|
||||||
a full list and will be updated continuously. If you have any additional
|
|
||||||
information to share relevant to the Log4j vulnerability, please feel free to
|
|
||||||
open an issue [here](https://github.com/cisagov/log4j-affected-db/issues). We
|
|
||||||
have a template available for your submission. Please also feel free to submit
|
|
||||||
a pull request.
|
|
||||||
|
|
||||||
## Mitigation Guidance ##
|
## Mitigation Guidance ##
|
||||||
|
|
||||||
CISA urges organizations operating products marked as "Fixed" to immediately
|
CISA urges organizations operating products marked as "Fixed" to immediately
|
||||||
|
@ -40,6 +29,8 @@ implement alternate controls, including:
|
||||||
- Ensure that any alerts from a vulnerable device are immediately actioned.
|
- Ensure that any alerts from a vulnerable device are immediately actioned.
|
||||||
- Report incidents promptly to CISA and/or the FBI [here](https://www.cisa.gov/uscert/report).
|
- Report incidents promptly to CISA and/or the FBI [here](https://www.cisa.gov/uscert/report).
|
||||||
|
|
||||||
|
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
|
||||||
|
|
||||||
## Status Descriptions ##
|
## Status Descriptions ##
|
||||||
|
|
||||||
|Status| Description |
|
|Status| Description |
|
||||||
|
@ -58,12 +49,13 @@ This list was initially populated using information from the following sources:
|
||||||
|
|
||||||
| Vendor | Product| Version(s)| Status| Update available| Vendor link | Notes | Other References | Last Updated |
|
| Vendor | Product| Version(s)| Status| Update available| Vendor link | Notes | Other References | Last Updated |
|
||||||
| ------ | -------------------- | ---- | ----- | --------------- | ----------- | ----- | ---------------- | ------------ |
|
| ------ | -------------------- | ---- | ----- | --------------- | ----------- | ----- | ---------------- | ------------ |
|
||||||
|3M Health Information Systems| CGS| | Affected| | [CGS: Log4j Software Update(login required)](https://support.3mhis.com/app/account/updates/ri/5210)| This advisory is available to customers only and has not been reviewed by CISA.| | 12/15/2021|
|
|3M Health Information Systems| CGS | | Affected | Unknown |[CGS: Log4j Software Update(login required)](https://support.3mhis.com/app/account/updates/ri/5210) |This advisory is available to customer only and has not been reviewed by CISA.||12/15/2021|
|
||||||
| Akamai | SIEM Splunk Connector| All | Affected | | [GitHub - akamai/siem-splunk-connector: Akamai SIEM Connector for Splunk](https://splunkbase.splunk.com/app/4310/) |v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities. | |12/15/2021|
|
| Accellion | Kiteworks | v7.6 release | Fixed | Yes | [Kiteworks Statement](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | |12/16/2021 |
|
||||||
| Amazon | OpenSearch | Unknown | Affected | | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
| Akamai | SIEM Splunk Connector| All | Affected | | [GitHub - akamai/siem-splunk-connector: Akamai SIEM Connector for Splunk](https://github.com/akamai/siem-splunk-connector) | | | |
|
||||||
|
| Amazon | OpenSearch | Unknown | Affected | Yes [(R20211203-P2)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
||||||
| Amazon | AWS Lambda | Unknown | Affected | Yes | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
| Amazon | AWS Lambda | Unknown | Affected | Yes | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
||||||
| Amazon | AWS CloudHSM | < 3.4.1. | Affected | | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
| Amazon | AWS CloudHSM | < 3.4.1. | Affected | | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
||||||
| Amazon | EC2 | Amazon Linux 1 & 2 | Unknown | | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
| Amazon | EC2 | Amazon Linux 1 & 2 | Not Affected | | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | 12/15/2021 |
|
||||||
| Apache | Druid | < druid 0.22.0 | Affected | Yes | [Release druid-0.22.1 · apache/druid · GitHub](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | 12/12/2021|
|
| Apache | Druid | < druid 0.22.0 | Affected | Yes | [Release druid-0.22.1 · apache/druid · GitHub](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | 12/12/2021|
|
||||||
| Apache | Flink | < flink 1.15.0, 1.14.1, 1.13.3 | Affected | No | [Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228)](https://flink.apache.org/2021/12/10/log4j-cve.html) | | | 12/12/2021 |
|
| Apache | Flink | < flink 1.15.0, 1.14.1, 1.13.3 | Affected | No | [Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228)](https://flink.apache.org/2021/12/10/log4j-cve.html) | | | 12/12/2021 |
|
||||||
| Apache | Log4j | < 2.15.0 | Affected | Yes | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html) | | | |
|
| Apache | Log4j | < 2.15.0 | Affected | Yes | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html) | | | |
|
||||||
|
@ -71,6 +63,7 @@ This list was initially populated using information from the following sources:
|
||||||
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Affected | Yes | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html) | | | |
|
| Apache | SOLR | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Affected | Yes | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html) | | | |
|
||||||
| Apereo | CAS | 6.3.x & 6.4.x | Affected | Yes | [CAS Log4J Vulnerability Disclosure – Apereo Community Blog](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | |
|
| Apereo | CAS | 6.3.x & 6.4.x | Affected | Yes | [CAS Log4J Vulnerability Disclosure – Apereo Community Blog](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | |
|
||||||
| Apereo | Opencast | < 9.10, < 10.6 | Affected | Yes | [Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | |
|
| Apereo | Opencast | < 9.10, < 10.6 | Affected | Yes | [Apache Log4j Remote Code Execution · Advisory · opencast/opencast · GitHub](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | |
|
||||||
|
|Application Performance Ltd| DBMarlin | Not Affected | | [Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428)| | | 12/15/2021|
|
||||||
| Aptible | Aptible | ElasticSearch 5.x | Affected | Yes | [Aptible Status - Log4j security incident CVE-2021-27135](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | |
|
| Aptible | Aptible | ElasticSearch 5.x | Affected | Yes | [Aptible Status - Log4j security incident CVE-2021-27135](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | |
|
||||||
| Atlassian | Jira Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html)| You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, | | |
|
| Atlassian | Jira Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html)| You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, | | |
|
||||||
| Atlassian | Confluence Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, | | |
|
| Atlassian | Confluence Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | You can check if you are vulnerable by inspecting the Log4j configuration file. If you find a line containing the org.apache.log4j.net.JMSAppender, | | |
|
||||||
|
@ -78,6 +71,35 @@ This list was initially populated using information from the following sources:
|
||||||
| Atlassian | Crowd Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
|
| Atlassian | Crowd Server & Data Center | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
|
||||||
| Atlassian | Fisheye | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
|
| Atlassian | Fisheye | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | So far, we do not believe our on-premises products are vulnerable to exploitation in their default configuration. However, if a you have modified the default logging configuration (log4j.properties) to enable the JMS Appender functionality, remote code execution may be possible | | |
|
||||||
| Atlassian | Crucible | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | | | |
|
| Atlassian | Crucible | All | Affected | Yes | [FAQ for CVE-2021-44228 Atlassian Support Atlassian Documentation](https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html) | | | |
|
||||||
|
| Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura for OneCloud Private | | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya |Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | [PSN020550u](https://download.avaya.com/css/public/documents/101079384)| Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390)| Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P]| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya OneCloud-Private | 2 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | Affected | Yes| [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | [PSN020554u](https://download.avaya.com/css/public/documents/101079394)| Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Social Media Hub | | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Workforce Engagement | 5.3 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Callback Assist | 5, 5.0.1 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Control Manager | 9.0.2, 9.0.2.1| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Device Enrollment Service | 3.1 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Equinox™ Conferencing | 9.1.2 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Interaction Center | 7.3.9 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2| Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya Device Enablement Service | 3.1.22 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
|
| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | Affected | No | [Apache Log4J Vulnerability - Impact for Avaya products Avaya Product Security](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609)| | | Tuesday, December 14, 2021 - 8:30pm ET |
|
||||||
| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | Affected | No | | | |12/15/2021|
|
| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | Affected | No | | | |12/15/2021|
|
||||||
| BMC | BMC Helix ITSM | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
|
| BMC | BMC Helix ITSM | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
|
||||||
| BMC | BMC Helix Discovery | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
|
| BMC | BMC Helix Discovery | | Under Investigation | | [BMC Security Advisory for CVE-2021-44228 Log4Shell Vulnerability - Blogs & Documents - BMC Community](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | |
|
||||||
|
@ -168,6 +190,7 @@ This list was initially populated using information from the following sources:
|
||||||
| Broadcom | Web Isolation (WI) | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
|
| Broadcom | Web Isolation (WI) | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
|
||||||
| Broadcom | Web Security Service (WSS) | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
|
| Broadcom | Web Security Service (WSS) | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
|
||||||
| Broadcom | WebPulse | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
|
| Broadcom | WebPulse | | Under Investigation | | [Broadcom Support Portal](https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793) | | | |
|
||||||
|
| Chaser Systems | discrimiNAT Firewall | All | Not Affected | | [Are Chaser’s products affected](https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/#are-chasers-products-affected) | | | |
|
||||||
| Check Point | Quantum Security Gateway | | Not Affected | | | | | |
|
| Check Point | Quantum Security Gateway | | Not Affected | | | | | |
|
||||||
| Check Point | Quantum Security Management | | Not Affected | | | Uses the 1.8.0\_u241 version of the JRE that protects against this attack by default. | | |
|
| Check Point | Quantum Security Management | | Not Affected | | | Uses the 1.8.0\_u241 version of the JRE that protects against this attack by default. | | |
|
||||||
| Check Point | CloudGuard | | Not Affected | | | | | |
|
| Check Point | CloudGuard | | Not Affected | | | | | |
|
||||||
|
@ -344,8 +367,19 @@ This list was initially populated using information from the following sources:
|
||||||
| Cloudera | Workload XM (SaaS) | | Not Affected | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |
|
| Cloudera | Workload XM (SaaS) | | Not Affected | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |
|
||||||
| Cloudera | SmartSense | | Under Investigation | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |
|
| Cloudera | SmartSense | | Under Investigation | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |
|
||||||
| Cloudera | Data Analytics Studio (DAS) | | Under Investigation | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |
|
| Cloudera | Data Analytics Studio (DAS) | | Under Investigation | | [https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | |
|
||||||
|
| Dell | iDRAC | | Not Affected | | [Dell Response to Apache Log4j Remote Code Execution Vulnerability](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability?lwp=rt) | | | |
|
||||||
|
| Dell | iDRAC Service Module | | Not Affected | | [Dell Response to Apache Log4j Remote Code Execution Vulnerability](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability?lwp=rt) | | | |
|
||||||
|
| Dell | Open Management Enterprise - Modular | | Affected | | [Dell Response to Apache Log4j Remote Code Execution Vulnerability](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability?lwp=rt) | Patch expected 2021-12-17 | | |
|
||||||
|
| Dell | OpenManage Enterprise | | Affected | | [Dell Response to Apache Log4j Remote Code Execution Vulnerability](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability?lwp=rt) | Patch expected 2021-12-17 | | |
|
||||||
|
| Dell | OpenManage Enterprise Services | | Affected | | [Dell Response to Apache Log4j Remote Code Execution Vulnerability](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability?lwp=rt) | Patch expected 2021-12-17 | | |
|
||||||
|
| Devolutions | All products | | Not Affected | | [https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | |
|
||||||
|
| Dynatrace | Managed cluster nodes | | Affected | | | | | |
|
||||||
|
| Dynatrace | Synthetic Activegates | | Affected | | | | | |
|
||||||
|
| ElasticSearch | all products | | Not Affected | | | | | |
|
||||||
|
| Cloudogu| Ecosystem | All | Affected | Yes | [Cloudogu Community](https://community.cloudogu.com/t/security-vulnerability-log4shell-cve-2021-44228/417)||||
|
||||||
|
| Cloudogu| SCM-Manager|| Not Affected| | [SCM-Manager Blog](https://scm-manager.org/blog/posts/2021-12-13-log4shell/)||||
|
||||||
| CyberArk | Privileged Threat Analytics (PTA)| N/A | Affected | Yes | [CyberArk Customer Force](https://cyberark-customers.force.com/s/login/?ec=302&startURL=%2Fs%2Farticle%2FPTA-CVE-2021-44228-Mitigation-for-Privilege-Threat-Analytics) | | This advisory is available to customers only and has not been reviewed by CISA. |12/14/2021|
|
| CyberArk | Privileged Threat Analytics (PTA)| N/A | Affected | Yes | [CyberArk Customer Force](https://cyberark-customers.force.com/s/login/?ec=302&startURL=%2Fs%2Farticle%2FPTA-CVE-2021-44228-Mitigation-for-Privilege-Threat-Analytics) | | This advisory is available to customers only and has not been reviewed by CISA. |12/14/2021|
|
||||||
|Application Performance Ltd| DBMarlin| | Not Affected| | "[Common Vulnerabilities Apache log4j Vulnerability CVE-2021-4428](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428)| | | 12/15/2021|
|
| Datadog | Datadog Agent | >=6.17.0, <=6.32.1, >=7.17, <=7.23.1 | Fixed | Yes | [Datadog Log4j Vulnerability Update](https://www.datadoghq.com/log4j-vulnerability/)||||
|
||||||
|Devolutions|All products||Not Affected||[https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/)||||
|
|Devolutions|All products||Not Affected||[https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/)||||
|
||||||
|DrayTek|Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform||Not Affected||[DrayTek Statement](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/)|||12/15/2021|
|
|DrayTek|Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform||Not Affected||[DrayTek Statement](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/)|||12/15/2021|
|
||||||
|Dynatrace|Managed cluster nodes||Affected||||||
|
|Dynatrace|Managed cluster nodes||Affected||||||
|
||||||
|
@ -376,6 +410,7 @@ This list was initially populated using information from the following sources:
|
||||||
| F-Secure| Policy Manager Proxy | 13-15 | Affected | Yes | [F-Secure services Status - 0-day exploit found in the Java logging package log4j2](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | |
|
| F-Secure| Policy Manager Proxy | 13-15 | Affected | Yes | [F-Secure services Status - 0-day exploit found in the Java logging package log4j2](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | |
|
||||||
| F-Secure | Elements Connector | | Affected | Yes | [The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | |
|
| F-Secure | Elements Connector | | Affected | Yes | [The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | |
|
||||||
| F-Secure | Messaging Security Gateway | | Affected | Yes | [The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | |
|
| F-Secure | Messaging Security Gateway | | Affected | Yes | [The Log4J Vulnerability (CVE-2021-44228) – which F-Secure products are affected, what it means, what steps should you take - F-Secure Community](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | |
|
||||||
|
| Fiix | Fiix CMMS Core| v5 | Fixed| | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | 12/15/2021 |
|
||||||
| Forcepoint | DLP Manager | | Affected | | [Login (forcepoint.com)](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | |
|
| Forcepoint | DLP Manager | | Affected | | [Login (forcepoint.com)](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | |
|
||||||
| Forcepoint | Security Manager (Web, Email and DLP) | | Affected | | [Login (forcepoint.com)](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | |
|
| Forcepoint | Security Manager (Web, Email and DLP) | | Affected | | [Login (forcepoint.com)](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | |
|
||||||
| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | Not Affected | | [Login (forcepoint.com)](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | |
|
| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | Not Affected | | [Login (forcepoint.com)](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | |
|
||||||
|
@ -414,10 +449,140 @@ This list was initially populated using information from the following sources:
|
||||||
| Fortinet | FortiVoice | | Not Affected | | [PSIRT Advisories FortiGuard](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | |
|
| Fortinet | FortiVoice | | Not Affected | | [PSIRT Advisories FortiGuard](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | |
|
||||||
| Fortinet | FortiWeb Cloud | | Not Affected | | [PSIRT Advisories FortiGuard](https://www.fortiguard.com/psirt/FG-IR-21-245) | | ||
|
| Fortinet | FortiWeb Cloud | | Not Affected | | [PSIRT Advisories FortiGuard](https://www.fortiguard.com/psirt/FG-IR-21-245) | | ||
|
||||||
| FusionAuth | FusionAuth | 1.32 | Not Affected | | [log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | |
|
| FusionAuth | FusionAuth | 1.32 | Not Affected | | [log4j CVE: How it affects FusionAuth (TLDR: It doesn't) - FusionAuth](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | |
|
||||||
|
| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | Affected | Yes | [Graylog Update for Log4j](https://www.graylog.org/post/graylog-update-for-log4j) | | | |
|
||||||
| Gradle | Gradle | | Not Affected | No | [Gradle Blog - Dealing with the critical Log4j vulnerability](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | |
|
| Gradle | Gradle | | Not Affected | No | [Gradle Blog - Dealing with the critical Log4j vulnerability](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | |
|
||||||
| Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
|
| Gradle | Gradle Enterprise | < 2021.3.6 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
|
||||||
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
|
| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
|
||||||
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
|
| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | Affected | Yes | [Gradle Enterprise Security Advisories - Remote code execution vulnerability due to use of Log4j2](https://security.gradle.com/advisory/2021-11) | | | |
|
||||||
|
| HPE | 3PAR StoreServ Arrays | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | AirWave Management Platform | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Alletra 6000 | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Alletra 9k | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba Central | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba ClearPass Policy Manager | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba ClearPass Policy Manager | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba Instant (IAP) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba Location Services | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba NetEdit | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba PVOS Switches | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba SDN VAN Controller | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba User Experience Insight (UXI) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Aruba VIA Client | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | ArubaOS SD-WAN Controllers and Gateways | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | ArubaOS Wi-Fi Controllers and Gateways | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | ArubaOS-CX switches | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | ArubaOS-S switches | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | BladeSystem Onboard Administrator | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Brocade 16Gb SAN Switch for HPE BladeSystem c-Class | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Brocade Network Advisor | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | CloudAuth | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | CloudPhysics | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Compute Cloud Console | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Compute operations manager- FW UPDATE SERVICE | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | COS (Cray Operating System) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Cray Systems Management (CSM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Custom SPP Portal [Link](https://spp.hpe.com/custom) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Data Services Cloud Console | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Harmony Data Platform | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HOP public services (grafana, vault, rancher, Jenkins) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN2600B SAN Extension Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN4000B SAN Extension Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN6000B Fibre Channel Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN6500B Fibre Channel Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN6600B Fibre Channel Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN6650B Fibre Channel Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE B-series SN6700B Fibre Channel Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Customer Experience Assurance (CEA) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Home Location Register (HLR/I-HLR) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Infosight for Servers | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Integrated Home Subscriber Server (I-HSS) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Intelligent Messaging (IM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Intelligent Network Server (INS) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Multimedia Services Environment (MSE) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE OC Convergent Communications Platform (OCCP) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE OC Media Platform Media Resource Function (OCMP-MRF) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE OC Universal Signaling Platform (OC-USP-M) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE OneView | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE OneView for VMware vRealize Operations (vROps) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE OneView Global Dashboard | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Performance Cluster Manager (HPCM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Performance Manager (PM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE OC Service Access Controller (OC SAC) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE OC Service Controller (OCSC) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Position Determination Entity (PDE) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Secure Identity Broker (SIB) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Service Activator (SA) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Service Governance Framework (SGF) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Service Orchestration Manager (SOM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Service Provisioner (SP) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Short Message Point-to-Point Gateway (SMPP) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Slingshot | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Smart Interaction Server (SIS) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE SN3000B Fibre Channel Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE SN8000B 4-Slot SAN Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE SN8000B 8-Slot SAN Backbone Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE SN8600B 4-Slot SAN Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE SN8600B 8-Slot SAN Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE SN8700B 4-Slot Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE SN8700B 8-Slot Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Subscriber, Network, and Application Policy (SNAP) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Subscription Manager (SM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Synergy Image Streamer | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Systems Insight Manager (SIM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Telecom Application Server (TAS) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Unified Correlation and Automation (UCA) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Unified OSS Console (UOC) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Universal SLA Manager (uSLAM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Unified Mediation Bus (UMB) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Unified Topology Manager (UTM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Universal Identity Repository (VIR) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Virtual Connect | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Virtual Connect Enterprise Manager (VCEM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Virtual Provisioning Gateway (vPGW) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Virtual Server Environment (VSE) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | HPE Virtual Subscriber Data Management (vSDM) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE WebRTC Gateway Controller (WGW) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-14 |
|
||||||
|
| HPE | HPE Wi-Fi Authentication Gateway (WauG) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Insight Cluster Management Utility (CMU) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrated Lights-Out (iLO) Amplifier Pack | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrated Lights-Out 4 (iLO 4) | 4 | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrated Lights-Out 5 (iLO 5) | 5 | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrity BL860c, BL870c, BL890c | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrity Rx2800/Rx2900 | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrity Superdome 2 | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Integrity Superdome X | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Intelligent Provisioning | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | iSUT integrated smart update tool | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Maven Artifacts (Atlas) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | MSA | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | NetEdit | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Nimble Storage | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | NS-T0634-OSM CONSOLE TOOLS | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | NS-T0977-SCHEMA VALIDATOR | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | OfficeConnect | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Primera Storage | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | RepoServer part of OPA (on Premises aggregator) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | RESTful Interface Tool (iLOREST) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SAT (System Admin Toolkit) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Scripting Tools for Windows PowerShell (HPEiLOCmdlets) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SGI MC990 X Server | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SGI UV 2000 Server | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SGI UV 300, 300H, 300RL, 30EX | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SGI UV 3000 Server | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SN8700B 8-Slot Director Switch | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | StoreEasy | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | StoreEver CVTL | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | StoreEver LTO Tape Drives | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | StoreEver MSL Tape Libraries | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | StoreOnce | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | SUM (Smart Update Manager) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Superdome Flex 280 | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | Superdome Flex Server | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|
| HPE | UAN (User Access Node) | | Not Affected | | [(Revision) Apache Software Log4j - Security Vulnerability CVE-2021-44228](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) |Support Communication Cross Reference ID: SIK7387 | | 2021-12-12 |
|
||||||
|IBM|Cognos Controller|10.4.2|Affected|Yes|[Security Bulletin: IBM Cognos Controller 10.4.2 IF15: Apache log4j Vulnerability (CVE-2021-44228)](https://www.ibm.com/support/pages/node/6526468>)|||12/15/2021|
|
|IBM|Cognos Controller|10.4.2|Affected|Yes|[Security Bulletin: IBM Cognos Controller 10.4.2 IF15: Apache log4j Vulnerability (CVE-2021-44228)](https://www.ibm.com/support/pages/node/6526468>)|||12/15/2021|
|
||||||
|IBM|Planning Analytics Workspace|>2.0.57|Affected|Yes|[Security Bulletin: IBM Planning Analytics 2.0: Apache log4j Vulnerability (CVE-2021-44228)](https://www.ibm.com/support/pages/node/6525700)|||12/15/2021|
|
|IBM|Planning Analytics Workspace|>2.0.57|Affected|Yes|[Security Bulletin: IBM Planning Analytics 2.0: Apache log4j Vulnerability (CVE-2021-44228)](https://www.ibm.com/support/pages/node/6525700)|||12/15/2021|
|
||||||
|IBM|Power HMC|V9.2.950.0 & V10.1.1010.0|Affected|Yes|[Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC](https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E)|||12/15/2021|
|
|IBM|Power HMC|V9.2.950.0 & V10.1.1010.0|Affected|Yes|[Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC](https://www.ibm.com/support/pages/node/6526172?myns=pwrsmc&mynp=OCSGGSNP&mync=E&cm_sp=pwrsmc-_-OCSGGSNP-_-E)|||12/15/2021|
|
||||||
|
@ -521,6 +686,7 @@ This list was initially populated using information from the following sources:
|
||||||
|IBM|IBM Sterling Connect:Express for Microsoft Windows||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|IBM Sterling Connect:Express for Microsoft Windows||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|IBM|IBM Sterling Connect:Express for UNIX||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|IBM Sterling Connect:Express for UNIX||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|IBM|IBM Sterling Connect:Express for z/OS||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|IBM Sterling Connect:Express for z/OS||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|
|IBM| IBM Instana Agent | Lower than 12-11-2021 | Affected | Yes |[Instana Status Incidents](https://status.instana.io/incidents/4zgcd2gzf4jw)|||12/14/2021|
|
||||||
|IBM|Key Lifecyle Manager for z/OS||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|Key Lifecyle Manager for z/OS||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|IBM|Key Protect ||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|Key Protect ||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|IBM|Kubernetes Service ||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|Kubernetes Service ||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|
@ -600,10 +766,51 @@ This list was initially populated using information from the following sources:
|
||||||
|IBM|Virtualization Management Interface||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|Virtualization Management Interface||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|IBM|VPN for VPC ||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|VPN for VPC ||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|IBM|Workload Automation||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
|IBM|Workload Automation||Not Affected||[An update on the Apache Log4j CVE-2021-44228 vulnerability - IBM PSIRT Blog](https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products)|||12/15/2021|
|
||||||
|
| Intland | codebeamer | <= 20.11-SP11, <= 21.09-SP3 | Affected | Some releases | [https://codebeamer.com/cb/wiki/19872365](Apache Log4j vulnerability and fixes) | A fix has been released for [https://codebeamer.com/cb/wiki/13134438](20.11) and [https://codebeamer.com/cb/wiki/19418497](21.09), but not yet for [https://codebeamer.com/cb/wiki/16937839](21.04) | | |
|
||||||
| ISEC7 | Sphere | N/A | Not Affected | No | | | |12/15/2021|
|
| ISEC7 | Sphere | N/A | Not Affected | No | | | |12/15/2021|
|
||||||
| Jenkins | CI/CD Core | | Not Affected | | | | | |
|
| Jenkins | CI/CD Core | | Not Affected | | | | | |
|
||||||
| Jenkins | Plugins | | Unkown | | | Need to audit plugins for use of log4j | | |
|
| Jenkins | Plugins | | Unkown | | | Need to audit plugins for use of log4j | | |
|
||||||
| Jetbrains | | | Affected | Yes | [https://www.jetbrains.com/help/license\_server/release\_notes.html](https://www.jetbrains.com/help/license_server/release_notes.html) | | | |
|
| Jetbrains | | | Affected | Yes | [https://www.jetbrains.com/help/license\_server/release\_notes.html](https://www.jetbrains.com/help/license_server/release_notes.html) | | | |
|
||||||
|
| MathWorks | All MathWorks general release desktop or server products | | Not Affected | No | [MathWorks statement regarding CVE-2021-44228](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | |
|
||||||
|
| Lenovo | DSS-G | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Administrator (LXCA) | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Energy Manager (LXEM) | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Integrator (LXCI) for VMware vCenter | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | NetApp ONTAP Tools for VMware vSphere | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | See [NetApp](https://security.netapp.com/advisory/ntap-20211210-0007/) advisory. | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkAgile HX | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | Nutanix and VMware components only; hardware not affected. See [Nutanix](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) and [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) advisories. | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkAgile VX | | Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | VMware components only; hardware not affected. See [VMWare](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) advisory. | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Integrator (LXCI) for ServiceNow | | Under Investigation | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Integrator (LXCI) for Nagios | | Under Investigation | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Integrator (LXCI) for Microsoft Azure Log Analytics | | Under Investigation | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Storage Management utilities | | Under Investigation | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | BIOS/UEFI | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Chassis Management Module 2 (CMM) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Commercial Vantage | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Confluent | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Embedded System Management Java-based KVM clients | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Fan Power Controller (FPC) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Fan Power Controller2 (FPC2) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Integrated Management Module II (IMM2) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | System Update | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Thin Installer | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Update Retriever | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Vantage | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Orchestrator (LXCO) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Mobile (LXCM) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Integrator (LXCI) for Windows Admin Center | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Integrator (LXCI) for Microsoft System Center | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Controller (XCC) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Essentials (LXCE) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | XClarity Provisioning Manager (LXPM) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | Network Switches running: Lenovo CNOS, Lenovo ENOS, IBM ENOS, or Brocade FOS | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | System Management Module (SMM) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | System Management Module 2 (SMM2) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkSystem 2x1x16 Digital KVM Switch - Type 1754D1T | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkSystem DE Series Storage | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | See also NetApp advisory. | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkSystem DM Series Storage | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | See also NetApp advisory. | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkSystem DS Series Storage | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
| Lenovo | ThinkSystem Manager (TSM) | | Not Affected | | [Apache Log4j Vulnerability](https://support.lenovo.com/ca/en/product_security/len-76573) | | | 2021-12-14 |
|
||||||
|
|ManageEngine|Servicedsk Plus|11305 and below|Affected| | [Manage Engine Advisory](https://www.manageengine.com/products/service-desk/security-response-plan.html)|||12/15/2021|
|
||||||
| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | | Not Affected | | | | | |
|
| McAfee | ePolicy Orchestrator Agent Handlers (ePO-AH) | | Not Affected | | | | | |
|
||||||
| McAfee | Data Exchange Layer (DXL) | | Under Investigation | | | | | |
|
| McAfee | Data Exchange Layer (DXL) | | Under Investigation | | | | | |
|
||||||
| McAfee | Enterprise Security Manager (ESM) | | Under Investigation | | | | | |
|
| McAfee | Enterprise Security Manager (ESM) | | Under Investigation | | | | | |
|
||||||
|
@ -613,6 +820,10 @@ This list was initially populated using information from the following sources:
|
||||||
| McAfee | Network Security Platform (NSP) | | Under Investigation | | | | | |
|
| McAfee | Network Security Platform (NSP) | | Under Investigation | | | | | |
|
||||||
| McAfee | Threat Intelligence Exchange (TIE) | | Under Investigation | | | | | |
|
| McAfee | Threat Intelligence Exchange (TIE) | | Under Investigation | | | | | |
|
||||||
| Microsoft | Azure Data lake store java | < 2.3.10 | Affected | | [azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | |
|
| Microsoft | Azure Data lake store java | < 2.3.10 | Affected | | [azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | |
|
||||||
|
| Microsoft| Azure Data lake store java| < 2.3.10| Affected|| [azure-data-lake-store-java/CHANGES.md at ed5d6304783286c3cfff0a1dee457a922e23ad48 · Azure/azure-data-lake-store-java · GitHub](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310)||||
|
||||||
|
| Microsoft| Azure DevOps|| Not Affected| | [Azure DevOps (and Azure DevOps Server) and the log4j vulnerability](https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511)||||
|
||||||
|
| Microsoft| Azure DevOps Server| 2019.0 - 2020.1| Affected| No | [Azure DevOps (and Azure DevOps Server) and the log4j vulnerability](https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511)||||
|
||||||
|
| Microsoft| Team Foundation Server| 2018.2+| Affected| No | [Azure DevOps (and Azure DevOps Server) and the log4j vulnerability](https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511)||||
|
||||||
| MongoDB | MongoDB Atlas Search | | Affected | yes | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
| MongoDB | MongoDB Atlas Search | | Affected | yes | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
||||||
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | Not Affected | | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | Not Affected | | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
||||||
| MongoDB | MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | | Not Affected | | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
| MongoDB | MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) | | Not Affected | | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
||||||
|
@ -634,14 +845,21 @@ This list was initially populated using information from the following sources:
|
||||||
| Okta | Okta Mobile | | Not Affected | | [Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/12/2021 |
|
| Okta | Okta Mobile | | Not Affected | | [Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/12/2021 |
|
||||||
| Okta | Okta Workflows | | Not Affected | | [Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/12/2021 |
|
| Okta | Okta Workflows | | Not Affected | | [Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/12/2021 |
|
||||||
| Okta | Okta Verify | | Not Affected | | [Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/12/2021 |
|
| Okta | Okta Verify | | Not Affected | | [Okta’s response to CVE-2021-44228 (“Log4Shell”) Okta Security](https://sec.okta.com/articles/2021/12/log4shell) | | | 12/12/2021 |
|
||||||
| Palo-Alto | Prisma Cloud Compute| | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto Networks | Prisma Cloud Compute| | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | Prisma Cloud | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto Networks | Prisma Cloud | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | PAN-OS | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto Networks | PAN-OS for Firewall and Wildfire | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | GlobalProtect App | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto Networks | GlobalProtect App | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | Cortex XSOAR | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto Networks | Cortex XSOAR | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | Cortex XDR Agent | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto Networks | Cortex XDR Agent | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | CloudGenix | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
| Palo-Alto | CloudGenix | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||||
| Palo-Alto | Panorama | 9.0, 9.1, 10.0 | Affected | Yes | [Unit42 Palo-Alto Apache Log4j Vulnerability](https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available | 12/15/2021 |
|
| Palo-Alto | PAN-OS for Panorama | 9.0, 9.1, 10.0 | Affected | Yes | [CVE-2021-44228:Impact of Log4J Vulnerability](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | 12/15/2021 |
|
||||||
|
| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
|
||||||
|
| Ping Identity | PingFederate OAuth Playground | < 4.3.1 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
|
||||||
|
| Ping Identity | PingFederate Java Integration Kit | < 2.7.2 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
|
||||||
|
| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
|
||||||
|
| Ping Identity | PingCentral | | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
|
||||||
|
| Ping Identity | PingIntelligence | | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
|
||||||
|
| Plex | Plex Industrial IoT | | Fixed | | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | 12/15/2021 |
|
||||||
| Pulse Secure | Pulse Secure Virtual Traffic Manager | | Not Affected | | [Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | |
|
| Pulse Secure | Pulse Secure Virtual Traffic Manager | | Not Affected | | [Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | |
|
||||||
| Pulse Secure | Pulse Secure Services Director | | Not Affected | | [Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | |
|
| Pulse Secure | Pulse Secure Services Director | | Not Affected | | [Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | |
|
||||||
| Pulse Secure | Pulse Secure Web Application Firewall | | Not Affected | | [Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | |
|
| Pulse Secure | Pulse Secure Web Application Firewall | | Not Affected | | [Pulse Secure Article: KB44933 - CVE-2021-44228 - Java logging library (log4j)](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | |
|
||||||
|
@ -704,6 +922,12 @@ This list was initially populated using information from the following sources:
|
||||||
| Red Hat Software Collections | rh-maven35-log4j12 | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
| Red Hat Software Collections | rh-maven35-log4j12 | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||||
| Red Hat Software Collections | rh-java-common-log4j | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
| Red Hat Software Collections | rh-java-common-log4j | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||||
| Redhat | log4j-core | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
| Redhat | log4j-core | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||||
|
| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02| Affected | Under development | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | 12/15/2021 |
|
||||||
|
| Rockwell Automation | MES EIG | 3.03.00 | Affected | No, product discontinued | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | 12/15/2021 |
|
||||||
|
| Rockwell Automation | Industrial Data Center | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | 12/15/2021 |
|
||||||
|
| Rockwell Automation | VersaVirtual | Series A | Fixed | Follow the mitigation instructions outlined by VMware in VMSA-2021-0028 | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | 12/15/2021 |
|
||||||
|
| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | Affected | Under development | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | 12/15/2021 |
|
||||||
|
| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | Affected | Under development | [PN1579 - Log4Shell Vulnerability Notice](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | 12/15/2021 |
|
||||||
| RSA | SecurID Authentication Manager | | Not Affected | | | | | |
|
| RSA | SecurID Authentication Manager | | Not Affected | | | | | |
|
||||||
| RSA | SecurID Authentication Manager Prime | | Not Affected | | | | | |
|
| RSA | SecurID Authentication Manager Prime | | Not Affected | | | | | |
|
||||||
| RSA | SecurID Authentication Manager WebTier | | Not Affected | | | | | |
|
| RSA | SecurID Authentication Manager WebTier | | Not Affected | | | | | |
|
||||||
|
@ -711,6 +935,26 @@ This list was initially populated using information from the following sources:
|
||||||
| RSA | SecurID Governance and Lifecycle | | Not Affected | | | | | |
|
| RSA | SecurID Governance and Lifecycle | | Not Affected | | | | | |
|
||||||
| RSA | SecurID Governance and Lifecycle Cloud | | Not Affected | | | | | |
|
| RSA | SecurID Governance and Lifecycle Cloud | | Not Affected | | | | | |
|
||||||
| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | Affected | | [Ruckus Wireless (support.ruckuswireless.com)](https://support.ruckuswireless.com/security_bulletins/313) | | | 12/13/2021 |
|
| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | Affected | | [Ruckus Wireless (support.ruckuswireless.com)](https://support.ruckuswireless.com/security_bulletins/313) | | | 12/13/2021 |
|
||||||
|
| Salesforce | Sales Cloud || Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Sales Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Service Cloud || Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)| "Service Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Community Cloud ||Affected|| [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | B2C Commerce Cloud ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Analytics Cloud ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Analytics Cloud is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps."||12/15/2021|
|
||||||
|
| Salesforce | Force.com ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Social Studio ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Datorama ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Pardot ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Pardot is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Data.com ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Heroku ||Not Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Heroku is reported to not be affected by CVE-2021-44228; no further action is necessary at this time."||12/15/2021|
|
||||||
|
| Salesforce | Marketing Cloud ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Marketing Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | MuleSoft (Cloud) ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | MuleSoft (On-Premise) ||Unknown||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Please contact Customer Support."||12/15/2021|
|
||||||
|
| Salesforce | ClickSoftware (As-a-Service) ||Affected||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) |"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | ClickSoftware (On-Premise) ||Unknown||[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) |"Please contact Customer Support."||12/15/2021|
|
||||||
|
| Salesforce | Tableau (Online) | | Affected| | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) |"Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Tableau (On-Premise) | | Unknown | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Please contact Customer Support." ||12/15/2021|
|
||||||
|
| Salesforce | Slack | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Slack is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228."||12/15/2021|
|
||||||
|
| Salesforce | Evergage (Interaction Studio) | | Affected | |[Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)|"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps."||12/15/2021|
|
||||||
| Siemens | Capital | All Versions >- 2019.1 SP1912 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Only affected if Teamcenter integration feature is used. Mitigation: [Mitigation Link](https://support.sw.siemens.com/en-US/knowledge-base/MG618363) | | 12/15/2021 |
|
| Siemens | Capital | All Versions >- 2019.1 SP1912 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Only affected if Teamcenter integration feature is used. Mitigation: [Mitigation Link](https://support.sw.siemens.com/en-US/knowledge-base/MG618363) | | 12/15/2021 |
|
||||||
| Siemens | Comos Desktop App | All Versions | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
| Siemens | Comos Desktop App | All Versions | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
||||||
| Siemens | Desigo CC Advanced Reporting | V4.0, 4.1, 4.2, 5.0, 5.1 | Affected | Yes | [Siemens Advisory Link]( https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
| Siemens | Desigo CC Advanced Reporting | V4.0, 4.1, 4.2, 5.0, 5.1 | Affected | Yes | [Siemens Advisory Link]( https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
||||||
|
@ -724,9 +968,9 @@ This list was initially populated using information from the following sources:
|
||||||
| Siemens | Industrial Edge Management Hub | All versions | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
| Siemens | Industrial Edge Management Hub | All versions | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
||||||
| Siemens | LOGO! Soft Comfort | All versions | Affected | Yes | [Siemens Advisory Link]( https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | |12/15/2021 |
|
| Siemens | LOGO! Soft Comfort | All versions | Affected | Yes | [Siemens Advisory Link]( https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | |12/15/2021 |
|
||||||
| Siemens | Mendix Applications | All Versions | Not Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| | | 12/15/2021 |
|
| Siemens | Mendix Applications | All Versions | Not Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| | | 12/15/2021 |
|
||||||
|
| Siemens | Mindsphere Cloud Application | All Versions < 2021-12-11 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Fixed on Cloud Version | |12/15/2021 |'
|
||||||
| Siemens | NX | All Versions | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
| Siemens | NX | All Versions | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
||||||
| Siemens | Opcenter Intelligence | All Versions >=3.2 | Affected | Yes |[Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Only OEM version that ships Tableau | | 12/15/2021 |
|
| Siemens | Opcenter Intelligence | All Versions >=3.2 | Affected | Yes |[Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Only OEM version that ships Tableau | | 12/15/2021 |
|
||||||
| Siemens | Mindsphere Cloud Application | All Versions < 2021-12-11 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Fixed on Cloud Version | |12/15/2021 |
|
|
||||||
| Siemens | Operation Scheduler | All versions >= V1.1.3 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Block incoming and outgoing connections | | 12/15/2021 |
|
| Siemens | Operation Scheduler | All versions >= V1.1.3 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Block incoming and outgoing connections | | 12/15/2021 |
|
||||||
| Siemens | SIGUARD DSA | V4.2, 4.3, 4.4 | Affected | Yes | [Siemens Advisory Link]( https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | |12/15/2021 |
|
| Siemens | SIGUARD DSA | V4.2, 4.3, 4.4 | Affected | Yes | [Siemens Advisory Link]( https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | |12/15/2021 |
|
||||||
| Siemens | SIMATIC WinCC | All Versions <V7.4 SP1 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
| Siemens | SIMATIC WinCC | All Versions <V7.4 SP1 | Affected | Yes | [Siemens Advisory Link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | | 12/15/2021 |
|
||||||
|
@ -788,13 +1032,17 @@ This list was initially populated using information from the following sources:
|
||||||
| Splunk | Splunk Forwarders (UF/HWF) | | Under Investigation | | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/12/2021 |
|
| Splunk | Splunk Forwarders (UF/HWF) | | Under Investigation | | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/12/2021 |
|
||||||
| Splunk | Splunk Mint | | Under Investigation | | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/12/2021 |
|
| Splunk | Splunk Mint | | Under Investigation | | [Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Splunk](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | 12/12/2021 |
|
||||||
| Spring | Spring Boot | | Unkown | | [https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | |
|
| Spring | Spring Boot | | Unkown | | [https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | |
|
||||||
|TPLink| Omega Controller| Linux/Windows(all)| Affected| Yes| [Statement on Apache Log4j Vulnerability](https://www.tp-link.com/us/support/faq/3255/)| Update is Beta. Reddit: "overwritten" vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 | "https://community.tp-link.com/en/business/forum/topic/514452 https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j/|" 12/15/2021|
|
| Tech Software | OneAegis (f/k/a IRBManager) | All versions | Not Affected | | [Log4j CVE-2021-44228 Vulnerability Impact Statement](https://support.techsoftware.com/hc/en-us/articles/4412825948179) | OneAegis does not use Log4j. | | 12/15/2021 |
|
||||||
|
| Tech Software | SMART | All versions | Not Affected | | [Log4j CVE-2021-44228 Vulnerability Impact Statement](https://support.techsoftware.com/hc/en-us/articles/4412825948179) | SMART does not use Log4j. | | 12/15/2021 |
|
||||||
|
| Tech Software | Study Binders | All versions | Not Affected | | [Log4j CVE-2021-44228 Vulnerability Impact Statement](https://support.techsoftware.com/hc/en-us/articles/4412825948179) | Study Binders does not use Log4j. | | 12/15/2021 |
|
||||||
|
|TPLink|Omega Controller|Linux/Windows all|Affected|Yes|[Statement on Apache Log4j Vulnerability](https://www.tp-link.com/us/support/faq/3255)|Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16|[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452), [Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)|12/15/2021|
|
||||||
| TrendMicro | All | | Under Investigation | | [https://success.trendmicro.com/solution/000289940](https://success.trendmicro.com/solution/000289940) | | | |
|
| TrendMicro | All | | Under Investigation | | [https://success.trendmicro.com/solution/000289940](https://success.trendmicro.com/solution/000289940) | | | |
|
||||||
| Ubiquiti | UniFi Network Application | 6.5.53 & lower versions | Affected | Yes | [UniFi Network Application 6.5.54 Ubiquiti Community](https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1) | | | |
|
| Ubiquiti | UniFi Network Application | 6.5.53 & lower versions | Affected | Yes | [UniFi Network Application 6.5.54 Ubiquiti Community](https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1) | | | |
|
||||||
| Ubiquiti | UniFi Network Controller | 6.5.54 & lower versions | Affected | Yes | [UniFi Network Application 6.5.55 Ubiquiti Community](https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e) | | 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 | 12/15/2021 |
|
| Ubiquiti | UniFi Network Controller | 6.5.54 & lower versions | Affected | Yes | [UniFi Network Application 6.5.55 Ubiquiti Community](https://community.ui.com/releases/UniFi-Network-Application-6-5-55/48c64137-4a4a-41f7-b7e4-3bee505ae16e) | | 6.5.54 is reported to still be vulnerable. 6.5.55 is the new recommendation for mitigatin log4j vulnerabilities by updating to log4j 2.16.0 | 12/15/2021 |
|
||||||
| VMware | VMware vCenter Server | 8.x, 7.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware vCenter Server | 8.x, 7.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
| VMware | VMware vCenter Server | 7.x, 6.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware vCenter Server | 7.x, 6.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
| VMware | VMware vCenter Server | 6.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware vCenter Server | 6.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
|
| VMware | VMware Horizon | N/A | Affected | Yes | [VMSA-2021-0028](https://kb.vmware.com/s/article/87073) | | | 12/14/2021 |
|
||||||
| VMware | VMware HCX | 4.x, 3.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware HCX | 4.x, 3.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
| VMware | VMware NSX-T Data Centern | 3.x, 2.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware NSX-T Data Centern | 3.x, 2.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
| VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
|
@ -830,5 +1078,4 @@ This list was initially populated using information from the following sources:
|
||||||
| VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
| VMware | VMware Horizon Cloud Connector | 1.x, 2.x | Affected | Yes | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
| VMware | VMware Horizon Cloud Connector | 1.x, 2.x | Affected | Yes | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
|
||||||
|Zendesk|All Products|All Versions|Affected |No|[2021-12-13 Security Advisory - Apache Log4j (CVE-2021-44228)](https://support.zendesk.com/hc/en-us/articles/4413583476122)|Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems.||12/13/2021|
|
|Zendesk|All Products|All Versions|Affected |No|[2021-12-13 Security Advisory - Apache Log4j (CVE-2021-44228)](https://support.zendesk.com/hc/en-us/articles/4413583476122)|Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems.||12/13/2021|
|
||||||
|Zscaler|Multiple Products||Not Affected|No|[CVE-2021-44228 log4j Vulnerability](https://trust.zscaler.com/posts/9581)|||
|
|Zscaler|Multiple Products||Not Affected|No|[CVE-2021-44228 log4j Vulnerability](https://trust.zscaler.com/posts/9581)|||12/15/2012|
|
||||||
|ManageEngine| Servicedsk Plus | 11305 and below | Affected | https://www.manageengine.com/products/service-desk/security-response-plan.html
|
|
||||||
|
|
Loading…
Reference in a new issue