r3pek
/
log4j-affected-db
mirror of https://github.com/cisagov/log4j-affected-db
1
0
Fork 0
Code Releases Activity

Update the software list

Browse Source
pull/415/head
cisagovbot 2 years ago
parent fce8d64271
commit d6728c61d1
1 changed files with 86 additions and 86 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 172
      SOFTWARE-LIST.md

172
SOFTWARE-LIST.md
Unescape View File

@ -91,7 +91,7 @@ This list was initially populated using information from the following sources:
| Anaconda | Anaconda | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | cisagov | 2021-12-21 |
| Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | cisagov | 2021-12-21 |
| Apache | Airflow | | | Unknown | [link](https://github.com/apache/airflow/tree/main/airflow) | Airflow is written in Python | | cisagov | 2021-12-30 |
| Apache | Camel | 3.14.1.3.11.5,3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | cisagov | 2021-12-13 |
| Apache | Camel | 3.14.1.3.11.5, 3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | cisagov | 2021-12-13 |
| Apache | Camel 2 | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | cisagov | 2021-12-13 |
| Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | cisagov | 2021-12-13 |
| Apache | Camel K | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | cisagov | 2021-12-13 |
@ -99,17 +99,17 @@ This list was initially populated using information from the following sources:
| Apache | Camel Quarkus | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | cisagov | 2021-12-13 |
| Apache | CamelKafka Connector | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | cisagov | 2021-12-13 |
| Apache | Druid | < druid 0.22.0 | | Affected | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | cisagov | 2021-12-12 |
| Apache | Flink | | < 1.14.2,1.13.5,1.12.7,1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | cisagov | 2021-12-12 |
| Apache | Flink | | < 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | cisagov | 2021-12-12 |
| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | cisagov | 2021-12-14 |
| Apache | Kafka | Unknown | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Only vulnerable in certain configuration(s) | | cisagov | 2021-12-30 |
| Apache | Log4j | < 2.15.0 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | cisagov | 2021-12-30 |
| Apache | Solr | | 7.4.0 to 7.7.3,8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | cisagov | 2021-12-16 |
| Apache | Solr | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | cisagov | 2021-12-16 |
| Apache | Struts 2 | Versions before 2.5.28.1 | | Affected | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | cisagov | 2021-12-21 |
| Apache | Tomcat | 9.0.x | | Affected | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | cisagov | 2021-12-21 |
| APC by Schneider Electric | Powerchute Business Edition | | v9.5,v10.0.1,v10.0.2,v10.0.3,v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | cisagov | 2021-12-15 |
| APC by Schneider Electric | Powerchute Network Shutdown | | 4.2,4.3,4.4,4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | cisagov | 2021-12-15 |
| APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | cisagov | 2021-12-15 |
| APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | cisagov | 2021-12-15 |
| Apereo | CAS | 6.3.x & 6.4.x | | Affected | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | cisagov | 2021-12-30 |
| Apereo | Opencast | < 9.10,< 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | cisagov | 2021-12-30 |
| Apereo | Opencast | < 9.10, < 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | cisagov | 2021-12-30 |
| Apigee | | | | Unknown | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | cisagov | 2021-12-30 |
| Apollo | | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | cisagov | 2021-12-30 |
| Appdynamics | | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | cisagov | 2021-12-30 |
@ -152,35 +152,35 @@ This list was initially populated using information from the following sources:
| Autopsy | | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | cisagov | 2021-12-30 |
| Auvik | | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | cisagov | 2021-12-30 |
| Avantra SYSLINK | | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | cisagov | 2021-12-30 |
| Avaya | Avaya Analytics | 3.5,3.6,3.6.1,3.7,4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura for OneCloud Private | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2,8.1.3.3,10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Contact Center | 7.0.2,7.0.3,7.1,7.1.1,7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Device Services | 8,8.1,8.1.4,8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Device Services | 8.0.1,8.0.2,8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Media Server | 8.0.0,8.0.1,8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Presence Services | 10.1,7.1.2,8,8.0.1,8.0.2,8.1,8.1.1,8.1.2,8.1.3,8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Session Manager | 10.1,7.1.3,8,8.0.1,8.1,8.1.1,8.1.2,8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® System Manager | 10.1,8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Web Gateway | 3.11[P],3.8.1[P],3.8[P],3.9.1 [P],3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Breeze™ | 3.7,3.8,3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Contact Center Select | 7.0.2,7.0.3,7.1,7.1.1,7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | cisagov | 2021-12-14 |
| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Meetings | 9.1.10,9.1.11,9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Session Border Controller for Enterprise | 8.0.1,8.1,8.1.1,8.1.2,8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | cisagov | 2021-12-14 |
| Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | cisagov | 2021-12-14 |
| Avaya | Avaya Social Media Hub | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Business Rules Engine | 3.4,3.5,3.6,3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Callback Assist | 5,5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Control Manager | 9.0.2,9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Equinox™ Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Interaction Center | 7.3.9 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | IP Office™ Platform | 11.0.4,11.1,11.1.1,11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Proactive Outreach Manager | 3.1.2,3.1.3,4,4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | cisagov | 2021-12-14 |
| AVEPOINT | | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | cisagov | 2021-12-30 |
| AVM | | | | Unknown | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | | | cisagov | 2021-12-30 |
| AvTech RoomAlert | | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | cisagov | 2021-12-30 |
@ -503,7 +503,7 @@ This list was initially populated using information from the following sources:
| Citrix | ShareFile Storage Zones Controller | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | cisagov | 2021-12-21 |
| Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | cisagov | 2021-12-30 |
| Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Ambari | Only versions 2.x,1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Arcadia Enterprise | Only version 7.1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | CDH, HDP, and HDF | Only version 6.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | CDP Operational Database (COD) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
@ -514,7 +514,7 @@ This list was initially populated using information from the following sources:
| Cloudera | Cloudera Data Engineering (CDE) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Engineering (CDE) | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Flow (CFM) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Science Workbench (CDSW) | Only versions 2.x,3.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Science Workbench (CDSW) | Only versions 2.x, 3.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Visualization (CDV) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Warehouse (CDW) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Data Warehouse (CDW) | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
@ -525,9 +525,9 @@ This list was initially populated using information from the following sources:
| Cloudera | Cloudera Machine Learning (CML) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Machine Learning (CML) | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | Only versions 7.0.x,7.1.x,7.2.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) | Only versions 7.0.x, 7.1.x, 7.2.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Manager (Including Backup Disaster Recovery (BDR)) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) | Only versions 7.0.x,7.1.x,7.2.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) | Only versions 7.0.x, 7.1.x, 7.2.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Stream Processing (CSP) | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Streaming Analytics (CSA) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Cloudera Streaming Analytics (CSA) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
@ -536,7 +536,7 @@ This list was initially populated using information from the following sources:
| Cloudera | Data Lifecycle Manager (DLM) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Data Steward Studio (DSS) | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Hortonworks Data Flow (HDF) | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Hortonworks Data Platform (HDP) | Only versions 7.1.x,2.7.x,2.6.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Hortonworks Data Platform (HDP) | Only versions 7.1.x, 2.7.x, 2.6.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Hortonworks DataPlane Platform | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Management Console | All versions | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
| Cloudera | Management Console for CDP Public Cloud | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | cisagov | 2021-12-30 |
@ -552,7 +552,7 @@ This list was initially populated using information from the following sources:
| Cloudron | | | | Unknown | [link](https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US) | | | cisagov | 2021-12-30 |
| Clover | | | | Unknown | [link](https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Code42 | Code42 App | | 8.8.1 | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | | | cisagov | 2021-12-22 |
| Code42 | Crashplan | | 8.8,possibly prior versions | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | I think, they don't specify in the notice, but we know that they released an updated Crashplan client. Possibly prior versions affected. | | cisagov | 2021-12-16 |
| Code42 | Crashplan | | 8.8, possibly prior versions | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | I think, they don't specify in the notice, but we know that they released an updated Crashplan client. Possibly prior versions affected. | | cisagov | 2021-12-16 |
| CodeBeamer | | | | Unknown | [link](https://codebeamer.com/cb/wiki/19872365) | | | cisagov | 2021-12-30 |
| Codesys | | | | Unknown | [link](https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html) | | | cisagov | 2021-12-30 |
| Cohesity | | | | Unknown | [link](https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228) | | | cisagov | 2021-12-30 |
@ -586,7 +586,7 @@ This list was initially populated using information from the following sources:
| DarkTrace | | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | | | cisagov | 2021-12-30 |
| Dassault Systèmes | | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | | | cisagov | 2021-12-30 |
| Databricks | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | cisagov | 2021-12-30 |
| Datadog | Datadog Agent | | >=6.17.0,<=6.32.2,>=7.17.0,<=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | | | cisagov | 2021-12-30 |
| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | | | cisagov | 2021-12-30 |
| Dataminer | | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | cisagov | 2021-12-30 |
| Datev | | | | Unknown | [link](https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308) | | | cisagov | 2021-12-30 |
| Datto | | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | cisagov | 2021-12-30 |
@ -915,12 +915,12 @@ This list was initially populated using information from the following sources:
| Elastic | Elastic Cloud on Kubernetes | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Elastic Endgame | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Elastic Maps Service | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Elasticsearch | 5,6,8 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Elasticsearch | 5, 6, 8 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Endpoint Security | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Enterprise Search | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Fleet Server | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Logstash | <6.8.21,<7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
| ElasticSearch | all products | | | Unknown | | | | cisagov | 2021-12-30 |
| Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | cisagov | 2021-12-15 |
@ -1056,7 +1056,7 @@ This list was initially populated using information from the following sources:
| Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | cisagov | 2021-12-30 |
| Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | cisagov | 2021-12-30 |
| Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | cisagov | 2021-12-30 |
| ExtraHop | Reveal(x) | <=8.4.6,<=8.5.3,<=8.6.4 | | Affected | [link](https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148) | Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. | | cisagov | 2021-12-21 |
| ExtraHop | Reveal(x) | <=8.4.6, <=8.5.3, <=8.6.4 | | Affected | [link](https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148) | Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. | | cisagov | 2021-12-21 |
| eXtreme Hosting | | | | Unknown | [link](https://extremehosting.nl/log4shell-log4j/) | | | cisagov | 2021-12-30 |
| Extreme Networks | | | | Unknown | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | cisagov | 2021-12-30 |
| Extron | | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | cisagov | 2021-12-30 |
@ -1076,7 +1076,7 @@ This list was initially populated using information from the following sources:
| F5 | NGINX Plus | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | cisagov | 2021-12-30 |
| F5 | NGINX Service Mesh | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | cisagov | 2021-12-30 |
| F5 | NGINX Unit | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | cisagov | 2021-12-30 |
| F5 | Traffix SDC | 5.x (5.2.0 CF1,5.1.0 CF-30 - 5.1.0 CF-33) | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | cisagov | 2021-12-30 |
| F5 | Traffix SDC | 5.x (5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33) | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | cisagov | 2021-12-30 |
| FAST LTA | | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | cisagov | 2021-12-30 |
| Fastly | | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | cisagov | 2021-12-30 |
| FedEx | Ship Manager Software | Unknown | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | cisagov | 2021-12-15 |
@ -1323,7 +1323,7 @@ This list was initially populated using information from the following sources:
| HCL Software | BigFix Mobile | | | Not Affected | [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | cisagov | 2021-12-15 |
| HCL Software | BigFix Patch | | | Not Affected | [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | cisagov | 2021-12-15 |
| HelpSystems Clearswift | | | | Unknown | [link](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | cisagov | 2021-12-30 |
| HENIX | Squash TM | | 1.21.7 - 1.22.9,2.0.3 - 2.1.5,2.2.0 - 3.0.2 | Fixed | [link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | cisagov | 2021-12-23 |
| HENIX | Squash TM | | 1.21.7 - 1.22.9, 2.0.3 - 2.1.5, 2.2.0 - 3.0.2 | Fixed | [link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | cisagov | 2021-12-23 |
| Hexagon | | | | Unknown | [link](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | cisagov | 2021-12-30 |
| Hikvision | | | | Unknown | [link](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | cisagov | 2021-12-30 |
| Hitachi Energy | eSOMS | | | Unknown | [link](https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications) | | | cisagov | 2021-12-30 |
@ -1478,7 +1478,7 @@ This list was initially populated using information from the following sources:
| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | cisagov | 2021-12-17 |
| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | cisagov | 2021-12-17 |
| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | cisagov | 2021-12-17 |
| HP | Teradici PCoIP Connection Manager | | < 21.03.6,< 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | cisagov | 2021-12-17 |
| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | cisagov | 2021-12-17 |
| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | cisagov | 2021-12-17 |
| Huawei | | | | Unknown | [link](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | cisagov | 2021-12-30 |
| Hubspot | | | | Unknown | [link](https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949) | | | cisagov | 2021-12-30 |
@ -1717,7 +1717,7 @@ This list was initially populated using information from the following sources:
| Internet Systems Consortium(ISC) | ISC DHCP, aka dhcpd | | | Not Affected | [link](https://www.isc.org/blogs/2021-log4j/) | no JAVA Code | | cisagov | 2021-12-17 |
| Internet Systems Consortium(ISC) | Kea DHCP | | | Not Affected | [link](https://www.isc.org/blogs/2021-log4j/) | no JAVA Code | | cisagov | 2021-12-17 |
| InterSystems | | | | Unknown | [link](https://www.intersystems.com/gt/apache-log4j2/) | | | cisagov | 2021-12-30 |
| Intland | codebeamer | <= 20.11-SP11,<= 21.09-SP3 | | Affected | [link](https://codebeamer.com/cb/wiki/19872365) | A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) | | cisagov | 2021-12-30 |
| Intland | codebeamer | <= 20.11-SP11, <= 21.09-SP3 | | Affected | [link](https://codebeamer.com/cb/wiki/19872365) | A fix has been released for [20.11](https://codebeamer.com/cb/wiki/13134438) and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) | | cisagov | 2021-12-30 |
| IPRO | Netgovern | | | Unknown | | | | cisagov | 2021-12-30 |
| iRedMail | | | | Unknown | [link](https://forum.iredmail.org/topic18605-log4j-cve202144228.html) | | | cisagov | 2021-12-30 |
| Ironnet | | | | Unknown | [link](https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability) | | | cisagov | 2021-12-30 |
@ -1890,7 +1890,7 @@ This list was initially populated using information from the following sources:
| LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | cisagov | 2021-12-30 |
| LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | cisagov | 2021-12-30 |
| LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | cisagov | 2021-12-30 |
| Looker | Looker | 21.0,21.6,21.12,21.16,21.18,21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | cisagov | 2021-12-30 |
| Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | cisagov | 2021-12-30 |
| LucaNet | | | | Unknown | [link](https://www.lucanet.com/en/blog/update-vulnerability-log4j) | | | cisagov | 2021-12-30 |
| Lucee | | | | Unknown | [link](https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331/4) | | | cisagov | 2021-12-30 |
| Lyrasis | Fedora Repository | | | Not Affected | [link](https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo) | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | | cisagov | 2021-12-14 |
@ -1971,7 +1971,7 @@ This list was initially populated using information from the following sources:
| MobileIron | Core | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | cisagov | 2021-12-20 |
| MobileIron | Core Connector | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | cisagov | 2021-12-20 |
| MobileIron | Reporting Database (RDB) | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | cisagov | 2021-12-20 |
| MobileIron | Sentry | 9.13,9.14 | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | cisagov | 2021-12-20 |
| MobileIron | Sentry | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | cisagov | 2021-12-20 |
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | cisagov | 2021-12-30 |
| MongoDB | MongoDB Atlas Search | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | cisagov | 2021-12-30 |
| MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | cisagov | 2021-12-30 |
@ -1986,11 +1986,11 @@ This list was initially populated using information from the following sources:
| Mulesoft | Anypoint Studio | 7.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | cisagov | 2021-12-15 |
| Mulesoft | Cloudhub | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | cisagov | 2021-12-15 |
| Mulesoft | Mule Agent | 6.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | cisagov | 2021-12-15 |
| Mulesoft | Mule Runtime | 3.x,4.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | cisagov | 2021-12-15 |
| Mulesoft | Mule Runtime | 3.x, 4.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | cisagov | 2021-12-15 |
| N-able | | | | Unknown | [link](https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability) | | | cisagov | 2021-12-30 |
| Nagios | | | | Unknown | [link](https://www.nagios.com/news/2021/12/update-on-apache-log4j-vulnerability/) | | | cisagov | 2021-12-30 |
| NAKIVO | | | | Unknown | [link](https://forum.nakivo.com/index.php?/topic/7574-log4j-cve-2021-44228/&do=findComment&comment=9145) | | | cisagov | 2021-12-30 |
| Neo4j | Neo4j Graph Database | Version >4.2,<4..2.12 | | Affected | | | | cisagov | 2021-12-13 |
| Neo4j | Neo4j Graph Database | Version >4.2, <4..2.12 | | Affected | | | | cisagov | 2021-12-13 |
| Netapp | Multiple NetApp products | | | Unknown | [link](https://security.netapp.com/advisory/ntap-20211210-0007/) | | | cisagov | 2021-12-30 |
| Netcup | | | | Unknown | [link](https://www.netcup-news.de/2021/12/14/pruefung-log4j-sicherheitsluecken-abgeschlossen/) | | | cisagov | 2021-12-30 |
| NetGate PFSense | | | | Unknown | [link](https://forum.netgate.com/topic/168417/java-log4j-vulnerability-is-pfsense-affected/35) | | | cisagov | 2021-12-30 |
@ -2021,7 +2021,7 @@ This list was initially populated using information from the following sources:
| Nutanix | Collector Portal | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | cisagov | 2021-12-20 |
| Nutanix | Data Lens | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | cisagov | 2021-12-20 |
| Nutanix | Era | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | cisagov | 2021-12-20 |
| Nutanix | File Analytics | 2.1.x,2.2.x,3.0+ | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigated in version 3.0.1 which is available on the Portal for download. Mitigation is available [here](https://portal.nutanix.com/kb/12499) | | cisagov | 2021-12-20 |
| Nutanix | File Analytics | 2.1.x, 2.2.x, 3.0+ | | Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Mitigated in version 3.0.1 which is available on the Portal for download. Mitigation is available [here](https://portal.nutanix.com/kb/12499) | | cisagov | 2021-12-20 |
| Nutanix | Files | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | cisagov | 2021-12-20 |
| Nutanix | Flow | | | Not Affected | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | | | cisagov | 2021-12-20 |
| Nutanix | Flow Security Cental | | | Unknown | [link](https://download.nutanix.com/alerts/Security_Advisory_0023.pdf) | Saas-Based Procuct. See Advisory. | | cisagov | 2021-12-20 |
@ -2068,7 +2068,7 @@ This list was initially populated using information from the following sources:
| OpenSearch | | | | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | cisagov | 2021-12-30 |
| OpenText | | | | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | cisagov | 2021-12-23 |
| Oracle | | | | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available to customers only and has not been reviewed by CISA | | cisagov | 2021-12-17 |
| Oracle | Enterprise Manager | 13.5,13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | cisagov | 2021-12-17 |
| Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | cisagov | 2021-12-17 |
| Oracle | Exadata | <21.3.4 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | cisagov | 2021-12-17 |
| Orgavision | | | | Unknown | [link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | cisagov | 2021-12-30 |
| Osirium | PAM | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | cisagov | 2021-12-30 |
@ -2080,10 +2080,10 @@ This list was initially populated using information from the following sources:
| OxygenXML | Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Developer | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Editor | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen Content Fusion | 2.0,3.0,4.1 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen Content Fusion | 2.0, 3.0, 4.1 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen Feedback Enterprise | 1.4.4 & older | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen License Server | v22.1 to v24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen PDF Chemistry | v22.1,23.0,23.1,24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen PDF Chemistry | v22.1, 23.0, 23.1, 24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Oxygen SDK | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Plugins (see advisory link) | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
| OxygenXML | Publishing Engine | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | cisagov | 2021-12-17 |
@ -2105,7 +2105,7 @@ This list was initially populated using information from the following sources:
| Palo-Alto Networks | IoT Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | cisagov | 2021-12-30 |
| Palo-Alto Networks | Okyo Grade | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | cisagov | 2021-12-30 |
| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | cisagov | 2021-12-30 |
| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0,9.1,10.0 | | Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | cisagov | 2021-12-15 |
| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0, 9.1, 10.0 | | Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | cisagov | 2021-12-15 |
| Palo-Alto Networks | Prisma Access | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | cisagov | 2021-12-30 |
| Palo-Alto Networks | Prisma Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | cisagov | 2021-12-30 |
| Palo-Alto Networks | Prisma Cloud Compute | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | cisagov | 2021-12-30 |
@ -2158,8 +2158,8 @@ This list was initially populated using information from the following sources:
| Proxmox | | | | Unknown | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | cisagov | 2021-12-30 |
| PRTG Paessler | | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | cisagov | 2021-12-30 |
| PTC | Axeda Platform | 6.9.2 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | cisagov | 2021-12-17 |
| PTC | ThingsWorx Analytics | 8.5,9.0,9.1,9.2,All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | cisagov | 2021-12-17 |
| PTC | ThingsWorx Platform | 8.5,9.0,9.1,9.2,All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | cisagov | 2021-12-17 |
| PTC | ThingsWorx Analytics | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | cisagov | 2021-12-17 |
| PTC | ThingsWorx Platform | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | cisagov | 2021-12-17 |
| PTV Group | | | | Unknown | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | cisagov | 2021-12-30 |
| Pulse Secure | Ivanti Connect Secure (ICS) | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | cisagov | 2021-12-30 |
| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | cisagov | 2021-12-30 |
@ -2177,9 +2177,9 @@ This list was initially populated using information from the following sources:
| Pulse Secure | Pulse ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | cisagov | 2021-12-30 |
| Puppet | | | | Unknown | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | cisagov | 2021-12-30 |
| Pure Storage | | | | Unknown | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)) | This advisory is available for customers only and has not been reviewed by CISA | | cisagov | 2021-12-30 |
| Pure Storage | Cloud Blockstore | CBS6.1.x,CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/27/2021 | | cisagov | 2021-12-15 |
| Pure Storage | Flash Array | 5.3.x,6.0.x,6.1.x,6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/20/2021 | | cisagov | 2021-12-15 |
| Pure Storage | FlashBlade | 3.1.x,3.2.x,3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/24/2021 | | cisagov | 2021-12-15 |
| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/27/2021 | | cisagov | 2021-12-15 |
| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/20/2021 | | cisagov | 2021-12-15 |
| Pure Storage | FlashBlade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/24/2021 | | cisagov | 2021-12-15 |
| Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | cisagov | 2021-12-15 |
| Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | cisagov | 2021-12-15 |
| Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | cisagov | 2021-12-30 |
@ -2227,7 +2227,7 @@ This list was initially populated using information from the following sources:
| Real-Time Innovations (RTI) | RTI Administration Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Code Generator | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Code Generator Server | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0,3.0.1,3.0.2,3.0.3 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Real-Time Innovations (RTI) | RTI Monitor | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | cisagov | 2021-12-16 |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | cisagov | 2021-12-21 |
@ -2272,10 +2272,10 @@ This list was initially populated using information from the following sources:
| Riverbed | | | | Unknown | [link](https://supportkb.riverbed.com/support/index?page=content&id=S35645) | | | cisagov | 2021-12-30 |
| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rockwell Automation | Industrial Data Center | | Gen 1,Gen 2,Gen 3,Gen 3.5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rockwell Automation | Industrial Data Center | | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rockwell Automation | MES EIG | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | cisagov | 2021-12-15 |
| Rockwell Automation | VersaVirtual | | Series A | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rockwell Automation | Warehouse Management | 4.01.00,4.02.00,4.02.01,4.02.02 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | cisagov | 2021-12-15 |
| Rollbar | | | | Unknown | [link](https://rollbar.com/blog/log4j-zero-day-2021-log4shell/) | | | cisagov | 2021-12-30 |
| Rosette.com | | | | Unknown | [link](https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability) | | | cisagov | 2021-12-30 |
| R | R | | | Not Affected | [link](https://www.r-project.org/) | | | cisagov | 2021-12-21 |
@ -2427,7 +2427,7 @@ This list was initially populated using information from the following sources:
| Snowflake | | | | Unknown | [link](https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228) | | | cisagov | 2021-12-30 |
| Snyk | Cloud Platform | | | Unknown | [link](https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499) | | | cisagov | 2021-12-30 |
| Software AG | | | | Unknown | [link](https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849) | | | cisagov | 2021-12-30 |
| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x,2021.3.x,2022.1.x | | Affected | [link](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | cisagov | 2021-12-23 |
| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | | Affected | [link](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | cisagov | 2021-12-23 |
| SolarWinds | Orion Platform | | | Unknown | [link](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | cisagov | 2021-12-23 |
| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | | Affected | [link](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | For more information, please see the following KB article for the latest details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | cisagov | 2021-12-23 |
| SonarSource | | | | Unknown | [link](https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721) | | | cisagov | 2021-12-30 |
@ -2465,9 +2465,9 @@ This list was initially populated using information from the following sources:
| SOS Berlin | | | | Unknown | [link](https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability) | | | cisagov | 2021-12-30 |
| Spambrella | | | | Unknown | [link](https://www.spambrella.com/faq/status-of-spambrella-products-with-cve-2021-44228/) | | | cisagov | 2021-12-30 |
| Spigot | | | | Unknown | [link](https://www.spigotmc.org/threads/spigot-security-releases-%E2%80%94-1-8-8%E2%80%931-18.537204/) | | | cisagov | 2021-12-30 |
| Splunk | Data Stream Processor | DSP 1.0.x,DSP 1.1.x,DSP 1.2.x | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) | 4.11,4.10.x (Cloud only),4.9.x | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) | 4.11.0,4.10.x (Cloud only),4.9.x,4.8.x (Cloud only),4.7.x,4.6.x,4.5.x | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Data Stream Processor | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) | 4.11, 4.10.x (Cloud only), 4.9.x | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) | 4.11.0, 4.10.x (Cloud only), 4.9.x, 4.8.x (Cloud only), 4.7.x, 4.6.x, 4.5.x | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) | 5.2.0 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) | 3.0.0 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk Application Performance Monitoring | Current | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
@ -2484,7 +2484,7 @@ This list was initially populated using information from the following sources:
| Splunk | Splunk Real User Monitoring | Current | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) | 3.0.0 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk Synthetics | Current | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk UBA OVA Software | 5.0.3a,5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Splunk | Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) | 1.1.1 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | cisagov | 2021-12-30 |
| Sprecher Automation | | | | Unknown | [link](https://www.sprecher-automation.com/en/it-security/security-alerts) | | | cisagov | 2021-12-30 |
| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | cisagov | 2021-12-30 |
@ -2564,12 +2564,12 @@ This list was initially populated using information from the following sources:
| Syntevo | | | | Unknown | [link](https://www.syntevo.com/blog/?p=5240) | | | cisagov | 2021-12-30 |
| SysAid | | | | Unknown | [link](https://www.sysaid.com/lp/important-update-regarding-apache-log4j) | | | cisagov | 2021-12-30 |
| Sysdig | | | | Unknown | [link](https://sysdig.com/blog/cve-critical-vulnerability-log4j/) | | | cisagov | 2021-12-30 |
| Tableau | Tableau Bridge | The following versions and lower: 20214.21.1109.1748,20213.21.1112.1434,20212.21.0818.1843,20211.21.0617.1133,20204.21.0217.1203,20203.20.0913.2112,20202.20.0721.1350,20201.20.0614.2321,20194.20.0614.2307,20193.20.0614.2306,20192.19.0917.1648,20191.19.0402.1911,20183.19.0115.1143 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Desktop | The following versions and lower: 2021.4,2021.3.4,2021.2.5,2021.1.8,2020.4.11,2020.3.14,2020.2.19,2020.1.22,2019.4.25,2019.3.26,2019.2.29,2019.1.29,2018.3.29 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Prep Builder | The following versions and lower: 22021.4.1,2021.3.2,2021.2.2,2021.1.4,2020.4.1,2020.3.3,2020.2.3,2020.1.5,2019.4.2,2019.3.2,2019.2.3,2019.1.4,2018.3.3 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Bridge | The following versions and lower: 20214.21.1109.1748, 20213.21.1112.1434, 20212.21.0818.1843, 20211.21.0617.1133, 20204.21.0217.1203, 20203.20.0913.2112, 20202.20.0721.1350, 20201.20.0614.2321, 20194.20.0614.2307, 20193.20.0614.2306, 20192.19.0917.1648, 20191.19.0402.1911, 20183.19.0115.1143 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Desktop | The following versions and lower: 2021.4, 2021.3.4, 2021.2.5, 2021.1.8, 2020.4.11, 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Prep Builder | The following versions and lower: 22021.4.1, 2021.3.2, 2021.2.2, 2021.1.4, 2020.4.1, 2020.3.3, 2020.2.3, 2020.1.5, 2019.4.2, 2019.3.2, 2019.2.3, 2019.1.4, 2018.3.3 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Public Desktop Client | The following versions and lower: 2021.4 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Reader | The following versions and lower: 2021.4 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Server | The following versions and lower: 2021.4,2021.3.4,2021.2.5,2021.1.8,2020.4.11,2020.3.14,2020.2.19,2020.1.22,2019.4.25,2019.3.26,2019.2.29,2019.1.29,2018.3.29 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Tableau | Tableau Server | The following versions and lower: 2021.4, 2021.3.4, 2021.2.5, 2021.1.8, 2020.4.11, 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29 | | Affected | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | | | cisagov | 2021-12-22 |
| Talend | | | | Unknown | [link](https://jira.talendforge.org/browse/TCOMP-2054) | | | cisagov | 2021-12-30 |
| Tanium | All | | | Not Affected | [link](https://tanium.my.salesforce.com/sfc/p/#60000000IYkG/a/7V000000PeT8/8C98AHl7wP5_lpUwp3qmY5sSdwXx6wG6LE4gPYlxO8c) | Tanium does not use Log4j. | | cisagov | 2021-12-21 |
| TealiumIQ | | | | Unknown | [link](https://community.tealiumiq.com/t5/Announcements-Blog/Update-on-Log4j-Security-Vulnerability/ba-p/36824) | | | cisagov | 2021-12-30 |
@ -2725,41 +2725,41 @@ This list was initially populated using information from the following sources:
| Viso Trust | | | | Unknown | [link](https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492) | | | cisagov | 2021-12-30 |
| VMware | API Portal for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | App Metrics | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | Healthwatch for Tanzu Application Service | 2.x,1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | Healthwatch for Tanzu Application Service | 2.x, 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | Single Sign-On for VMware Tanzu Application Service | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | Spring Cloud Gateway for Kubernetes | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | Spring Cloud Gateway for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | Spring Cloud Services for VMware Tanzu | 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | vCenter Server - OVA | 7.x,6.7.x,6.5.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | [Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 ) | | cisagov | 2021-12-17 |
| VMware | vCenter Server - Windows | 6.7.x,6.5.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | [Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 ) | | cisagov | 2021-12-17 |
| VMware | vCenter Server - OVA | 7.x, 6.7.x, 6.5.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | [Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 ) | | cisagov | 2021-12-17 |
| VMware | vCenter Server - Windows | 6.7.x, 6.5.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | [Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 ) | | cisagov | 2021-12-17 |
| VMware | VMware Carbon Black Cloud Workload Appliance | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Carbon Black EDR Server | 7.x,6.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Cloud Foundation | 4.x,3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware HCX | 4.x,3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Horizon | 8.x,7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | [VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073) | cisagov | 2021-12-17 |
| VMware | VMware Horizon Cloud Connector | 1.x,2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Horizon DaaS | 9.1.x,9.0.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Carbon Black EDR Server | 7.x, 6.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Cloud Foundation | 4.x, 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware HCX | 4.x, 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Horizon | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | [VMware KB 87073 (vmware.com)](https://kb.vmware.com/s/article/87073) | cisagov | 2021-12-17 |
| VMware | VMware Horizon Cloud Connector | 1.x, 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Horizon DaaS | 9.1.x, 9.0.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Identity Manager | 3.3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware NSX-T Data Centern | 3.x,2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware NSX-T Data Centern | 3.x, 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Site Recovery Manager | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu Application Service for VMs | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu GemFire | 9.x,8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu GemFire | 9.x, 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu Greenplum | 6.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu Kubernetes Grid Integrated Edition | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu Observability by Wavefront Nozzle | 3.x,2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu Observability by Wavefront Nozzle | 3.x, 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu Operations Manager | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu SQL with MySQL for VMs | 2.x,1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Telco Cloud Automation | 2.x,1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Unified Access Gateway | 21.x,20.x,3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Tanzu SQL with MySQL for VMs | 2.x, 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Telco Cloud Automation | 2.x, 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Unified Access Gateway | 21.x, 20.x, 3.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vCenter Cloud Gateway | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Automation | 8.x,7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Automation | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Lifecycle Manager | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Log Insight | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Operations | 8.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Operations Cloud Proxy | Any | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Orchestrator | 8.x,7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Workspace ONE Access | 21.x,20.10.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x,20.10.x,19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware vRealize Orchestrator | 8.x, 7.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Workspace ONE Access | 21.x, 20.10.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | cisagov | 2021-12-12 |
| Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | cisagov | 2021-12-22 |
| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | cisagov | 2021-12-17 |
| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | cisagov | 2021-12-30 |
@ -2791,8 +2791,8 @@ This list was initially populated using information from the following sources:
| Xylem | Sensus FieldLogic LogServer | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus Lighting Control | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus NetMetrics Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus RNI On Prem | 4.7 through 4.10,4.4 through 4.6,4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus RNI Saas | 4.7 through 4.10,4.4 through 4.6,4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus RNI On Prem | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus RNI Saas | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Sensus SCS | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Smart Irrigation | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |
| Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | cisagov | 2021-12-22 |

Write Preview
Loading…
Cancel
Save