mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-10-04 18:02:13 +00:00
Merge branch 'develop' into patch-1
This commit is contained in:
Firminator
GitHub
commit
edecabc468
1 changed files with 564 additions and 555 deletions
111
README.md
111
README.md
|
|
@ -62,8 +62,8 @@ This list was initially populated using information from the following sources:
|
|||
- Kevin Beaumont
|
||||
- SwitHak
|
||||
|
||||
| Vendor | Product | Version(s) | Status | Update available | Vendor link | Notes | Other References | Last Updated |
|
||||
| ------ | -------------------- | ---------- | ------ | ---------------- | ----------- | ----- | ---------------- | ------------ |
|
||||
| Vendor | Product | Version(s) | Status | Update Available | Vendor Link | Notes | Other References | Last Updated |
|
||||
| ------ | ------- | ---------- | ------ | ---------------- | ----------- | ----- | ---------------- | ------------ |
|
||||
| 1Password | 1Password | | Not affected | | [1Password public response on Reddit](https://www.reddit.com/r/1Password/comments/rea7dd/comment/hoe41ci) | | | 12/20/2021 |
|
||||
| 2n | | | | | [2n Advisory Link](https://www.2n.com/cs_CZ/novinky/produkty-2n-neohrozuje-zranitelnost-cve-2021-44228-komponenty-log4j-2) | | | |
|
||||
| 3CX | | | | | [3CX Community Thread Link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | |
|
||||
|
|
@ -103,9 +103,9 @@ This list was initially populated using information from the following sources:
|
|||
| Amazon | EC2 | Amazon Linux 1 & 2 | Not Affected | | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | 12/15/2021 |
|
||||
| Amazon | OpenSearch | Unknown | Affected | Yes [(R20211203-P2)](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | [Apache Log4j2 Security Bulletin (CVE-2021-44228) (amazon.com)](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | |
|
||||
| Apache | Camel | 3.14.1.3.11.5,3.7.7 | Affected | Yes | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)| Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | 12/13/2021 |
|
||||
| Apache |Camel Quarkus||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|
||||
| Apache |Camel K||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|
||||
| Apache |CamelKafka Connector||Not Affected|None|[APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/)|||12/13/2021|
|
||||
| Apache | Camel Quarkus | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
|
||||
| Apache | Camel K | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
|
||||
| Apache | CamelKafka Connector | | Not Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
|
||||
| Apache | Camel Karaf | | Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | 12/13/2021 |
|
||||
| Apache | Camel JBang | <=3.1.4 | Affected | No | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
|
||||
| Apache | Camel 2 | | Not Affected | None | [APACHE CAMEL AND CVE-2021-44228 (LOG4J)](https://camel.apache.org/blog/2021/12/log4j2/) | | | 12/13/2021 |
|
||||
|
|
@ -526,15 +526,15 @@ This list was initially populated using information from the following sources:
|
|||
| Cohesity | | | | | [Cohesity Support Link](https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228) | | | |
|
||||
| CommVault | | | | | [CommVault Documentation](https://documentation.commvault.com/v11/essential/146231_security_vulnerability_and_reporting.html) | | | |
|
||||
| ConcreteCMS.com | | | | | [ConcreteCMS.com Link](https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit) | | | |
|
||||
|Confluent| Confluent Cloud|N/A|Fixed|N/A|[December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors)|||12/17/2021|
|
||||
| Confluent | Confluent Cloud | N/A | Fixed | | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Confluent | Confluent Platform | <7.0.1 | Affected | Yes | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
|Confluent| Confluent for Kubernetes|N/A|Not Affected|N/A|[December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors)|||12/17/2021|
|
||||
| Confluent | Confluent for Kubernetes | N/A | Not Affected | | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Confluent | Confluent Kafka Connectors|N/A|Not Affected|N/A|[December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors)|||12/17/2021|
|
||||
| Confluent | Confluent ElasticSearch Sink Connector | <11.1.7 | Affected | Yes | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Confluent | Confluent Google DataProc Sink Connector | <1.1.5 | Affected | Yes | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Confluent | Confluent Splunk Sink Connector | <2.05 | Affected | Yes | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Confluent | Confluent HDFS 2 Sink Connector | <10.1.3 | Affected | Yes | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
|Confluent| Confluent HDFS 3 Sink Connector|<1.1.8|Affected|Affected|[December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors)|||12/17/2021|
|
||||
| Confluent | Confluent HDFS 3 Sink Connector | <1.1.8 | Affected | | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Confluent | Confluent VMWare Tanzu GemFire Sink Connector | <1.0.8 | Affected | Yes | [December 2021 Log4j Vulnerabilities Advisory](https://support.confluent.io/hc/en-us/articles/4412615410580-CVE-2021-44228-log4j2-vulnerability#impact-to-connectors) | | | 12/17/2021 |
|
||||
| Connect2id | | | | | [Connect2id Blog Post](https://connect2id.com/blog/connect2id-server-12-5-1) | | | |
|
||||
| ConnectWise | | | | | [ConnectWise Advisory Link](https://www.connectwise.com/company/trust/advisories) | | | |
|
||||
|
|
@ -547,7 +547,6 @@ This list was initially populated using information from the following sources:
|
|||
| Crestron | | | Not Affected | | [Crestron Advisory](https://www.crestron.com/Security/Security_Advisories/Apache-Log4j) | | | 12/20/2021 |
|
||||
| CrushFTP | | | | | [CrushFTP Link](https://www.crushftp.com/download.html) | | | |
|
||||
| CryptShare | | | | | [Cryptshare Support Link](https://www.cryptshare.com/en/support/cryptshare-support/#c67572) | | | |
|
||||
| Cumul.io | | | | | [Cumul.io Status Link](https://status.cumul.io/#incidents) | | | |
|
||||
| CyberArk | Privileged Threat Analytics (PTA)| N/A | Fixed | Yes | [CyberArk Customer Force](https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228) | | This advisory is available to customers only and has not been reviewed by CISA. |12/14/2021|
|
||||
| Cybereason | | | | | [Cybereason Blog Post](https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228) | | | |
|
||||
| CyberRes | | | | | [CyberRes Community Link](https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228) | | | |
|
||||
|
|
@ -622,7 +621,7 @@ This list was initially populated using information from the following sources:
|
|||
| Dell | Dell EMC OpenManage Integration for VMware vCenter | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC OpenManage Management pack for vRealize Operations | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge Manager | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerMax VMAX VMAX3 and VMAX AFA | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021|
|
||||
| Dell | "Dell EMC PowerMax VMAX VMAX3 and VMAX AFA" | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerPath | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerPath Management Appliance | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerProtect Cyber Recovery | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
|
|
@ -630,7 +629,7 @@ This list was initially populated using information from the following sources:
|
|||
| Dell | Dell EMC PowerShell for PowerMax | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerShell for Powerstore | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerShell for Unity | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021|
|
||||
| Dell | "Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC" | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerVault ME4 Series Storage Arrays | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerVault MD3 Series Storage Arrays | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Dell EMC Repository Manager (DRM) | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
|
|
@ -722,7 +721,7 @@ This list was initially populated using information from the following sources:
|
|||
| Dell | Rugged Control Center (RCC) | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | SD ROM Utility | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | SDNAS | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Server Storage | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021|
|
||||
| Dell | """Server Storage""" | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | Smart Fabric Storage Software | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | SmartByte | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
| Dell | SMI-S | N/A | Not Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | 12/15/2021 |
|
||||
|
|
@ -754,21 +753,21 @@ This list was initially populated using information from the following sources:
|
|||
| Dell | Connectrix (Cisco MDS DCNM) | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | 12/15/2021 |
|
||||
| Dell | Connectrix B-Series SANnav | 2.1.1 | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 3/31/2022 | | 12/15/2021 |
|
||||
| Dell | Data Domain OS | Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Avamar | 18.2, 19.1, 19.2, 19.3, 19.4 | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21| | 12/15/2021|
|
||||
| Dell | Dell EMC Avamar | "18.2 19.1 19.2 19.3 19.4" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | 12/15/2021 |
|
||||
| Dell | Dell EMC BSN Controller Node | | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Cloud Disaster Recovery | N/A | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Dell EMC Data Protection Central | | Affected | | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021- 269 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Data Protection Search | Versions before 19.5.0.7 | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | | 12/15/2021 |
|
||||
| Dell | Dell EMC ECS | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | 12/15/2021 |
|
||||
| Dell | Enterprise Hybrid Cloud | | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | 12/15/2021 |
|
||||
| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations| <6.0.0, 6.1.0, 6.2.x | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | | 12/15/2021|
|
||||
| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | "<6.0.0 6.1.0 6.2.x" | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Integrated System for Azure Stack HCI | N/A | Affected | N/A | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. Apply workaround guidance and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | 12/15/2021 |
|
||||
| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub| N/A | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Dell EMC NetWorker Virtual Edition | 19.5.x, 19.4.x, 19.3.x | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | 12/15/2021|
|
||||
| Dell | Dell EMC NetWorker Server | 19.5.x, 19.4.x, 19.3.x | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21| | 12/15/2021|
|
||||
| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | with Versa Concerto with Versa Analytics with Versa Concero Director | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-304 | | 12/15/2021|
|
||||
| Dell | Dell EMC PowerFlex Appliance| All versions up to Intelligent Catalog 38_356_00_r10.zip All versions up to Intelligent Catalog 38_362_00_r7.zip | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending| | 12/15/2021|
|
||||
| Dell | Dell EMC PowerFlex Software (SDS) | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4, 3.6, 3.6.0.1, 3.6.0.2 | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021|
|
||||
| Dell | Dell EMC NetWorker Virtual Edition | "19.5.x 19.4.x 19.3.x" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | 12/15/2021 |
|
||||
| Dell | Dell EMC NetWorker Server | "19.5.x 19.4.x 19.3.x" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | "with Versa Concerto with Versa Analytics with Versa Concero Director" | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-304 | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerFlex Appliance | "All versions up to Intelligent Catalog 38_356_00_r10.zip All versions up to Intelligent Catalog 38_362_00_r7.zip" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending| | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerFlex Software (SDS) | "3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerFlex Rack | N/A | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
|
|
@ -779,15 +778,15 @@ This list was initially populated using information from the following sources:
|
|||
| Dell | Dell EMC Streaming Data Platform | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Unity | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/29/21 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Metro Node | 7.0.x | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | | 12/15/2021 |
|
||||
| Dell | Dell EMC VxRail| 4.5.x, 4.7.x, 7.0.x | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021|
|
||||
| Dell | Dell EMC VxRail | "4.5.x 4.7.x 7.0.x" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Dell Open Management Enterprise - Modular | <1.40.10 | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | | 12/15/2021 |
|
||||
| Dell | DellEMC OpenManage Enterprise Services | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | 12/15/2021 |
|
||||
| Dell | OpenManage Enterprise | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Ruckus SmartZone 300 Controller | | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Ruckus SmartZone 100 Controller | | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | 12/15/2021 |
|
||||
| Dell | Dell EMC Ruckus Virtual Software | | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | 12/15/2021 |
|
||||
| Dell | Secure Connect Gateway (SCG) Appliance| 5.00.00, 5.00.05 and 4.0.06 and earlier versions (OVF and VHD) | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | | 12/15/2021|
|
||||
| Dell | Secure Connect Gateway (SCG) Policy Manager| 5.00.00.10 5.00.05.10 | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | | 12/15/2021|
|
||||
| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | | 12/15/2021 |
|
||||
| Dell | Secure Connect Gateway (SCG) Policy Manager | "5.00.00.10 5.00.05.10" | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | | 12/15/2021 |
|
||||
| Dell | SRS Policy Manager | 7 | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | Storage Center - Dell Storage Manager | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | 12/15/2021 |
|
||||
| Dell | SupportAssist Enterprise | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | 12/15/2021 |
|
||||
|
|
@ -803,9 +802,9 @@ This list was initially populated using information from the following sources:
|
|||
| Dell | vRO Plugin for Dell EMC Unity | Version 1.0.6 or earlier | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | 12/15/2021 |
|
||||
| Dell | vRO Plugin for Dell EMC XtremIO | Version 4.1.2 or earlier | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | 12/15/2021 |
|
||||
| Dell | vRealize Data Protection Extension Data Management | | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | 12/15/2021 |
|
||||
| Dell | vRealize Data Protection Extension for vRealize Automation (vRA) 8.x | version 19.6 version 19.7 version 19.8 and version 19.9 | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21| | 12/15/2021|
|
||||
| Dell | VMware vRealize Automation 8.x | 8.2, 8.3, 8.4, 8.5 and 8.6 | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21| | 12/15/2021|
|
||||
| Dell | VMware vRealize Orchestrator 8.x | 8.2, 8.3, 8.4, 8.5 and 8.6 | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21| | 12/15/2021|
|
||||
| Dell | vRealize Data Protection Extension for vRealize Automation (vRA) 8.x | "version 19.6 version 19.7 version 19.8 and version 19.9" | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | 12/15/2021 |
|
||||
| Dell | VMware vRealize Automation 8.x | "8.2 8.3 8.4 8.5 and 8.6" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | 12/15/2021 |
|
||||
| Dell | VMware vRealize Orchestrator 8.x | "8.2 8.3 8.4 8.5 and 8.6" | Affected | No | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | 12/15/2021 |
|
||||
| Dell | Wyse Management Suite | <3.5 | Affected | Yes | [Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | | 12/15/2021 |
|
||||
| Denequa | | | | | [Denequa Link](https://denequa.de/log4j-information.html) | | | |
|
||||
| Device42 | | | | | [Device42 Link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | |
|
||||
|
|
@ -824,7 +823,7 @@ This list was initially populated using information from the following sources:
|
|||
| Dynatrace | Synthetic Activegates | | Affected | | | | | |
|
||||
| Dynatrace | Synthetic Activegates||Affected||||||
|
||||
| EasyRedmine | | | | | [EasyRedmine News](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | |
|
||||
| Eaton | Undisclosed | Undisclosed | Affected | Undisclosed | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | |2021-10-17|
|
||||
| Eaton | Undisclosed | Undisclosed | Affected | | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | |
|
||||
| EclecticIQ | | | | | [EclecticIQ Advisory](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | |
|
||||
| Eclipse Foundation | | | | | [Eclipse Foundation Wiki](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | |
|
||||
| EFI | | | | | [EFI Link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | |
|
||||
|
|
@ -1018,14 +1017,13 @@ This list was initially populated using information from the following sources:
|
|||
| HashiCorp | Vault | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | |
|
||||
| HashiCorp | Vault Enterprise | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | |
|
||||
| HashiCorp | Waypoint | | Not Affected | | [HashiCorp security bulletin re. CVE-2021-44228](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | |
|
||||
| HCL Global | | | | | [HCL Global Statement](https://support.hcltechsw.com/csm/en?id=kb_article&sysparm_article=KB0095490) | | | |
|
||||
| HCL Software | BigFix Compliance | 2.0.1 - 2.0.4 | Fixed | | [KB with fix](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | [Forum post with more specifics](https://forum.bigfix.com/t/bigfix-compliance-has-a-remediation-for-log4j-vulnerability-cve-2021-44228/40197) | 12/15/2021 |
|
||||
| HCL Software | BigFix Insights | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | 12/15/2021 |
|
||||
| HCL Software | BigFix Insights for Vulnerability Remediation | All | Not Affected || [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | 12/15/2021 |
|
||||
| HCL Software | BigFix Inventory | < 10.0.7 | Fixed | | [KB with fix](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | 12/15/2021 |
|
||||
| HCL Software | BigFix Lifecycle | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | 12/15/2021 |
|
||||
| HCL Software | BigFix Mobile | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | 12/15/2021 |
|
||||
| HCL Software | BigFix Patch | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | 12/15/2021 |
|
||||
| HCL Software | BigFix Insights | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | 12/15/2021 |
|
||||
| HCL Software | BigFix Insights for Vulnerability Remediation | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | 12/15/2021 |
|
||||
| HCL Software | BigFix Inventory | < 10.0.7 | Fixed | | [KB with fix](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | 12/15/2021 |
|
||||
| HCL Software | BigFix Lifecycle | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | 12/15/2021 |
|
||||
| HCL Software | BigFix Mobile | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | 12/15/2021 |
|
||||
| HCL Software | BigFix Patch | All | Not Affected | | [KB](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | 12/15/2021 |
|
||||
| HelpSystems Clearswift | | | | | [HelpSystems Clearswift](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | |
|
||||
| Hexagon | | | | | [Hexagon Statement](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | |
|
||||
| Hikvision | | | | | [Hikvision](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | |
|
||||
|
|
@ -1546,8 +1544,8 @@ This list was initially populated using information from the following sources:
|
|||
| ManageEngine Zoho | M365 Security Plus | On-Prem | | | [ManageEngine Vulnerability Impact](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | |12/16/2021|
|
||||
| ManageEngine Zoho | Analytics Plus | On-Prem | | | [ManageEngine Vulnerability Impact](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | |12/16/2021|
|
||||
| MariaDB | | | | | [MariaDB Statement](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | |
|
||||
| MathWorks | All MathWorks general release desktop or server products | | Not Affected | No | [MathWorks statement regarding CVE-2021-44228](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | |
|
||||
| MathWorks Matlab | | | | | [MathWorks Matlab Statement](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | |
|
||||
| MathWorks | All MathWorks general release desktop or server products | | Not Affected | No | [MathWorks statement regarding CVE-2021-44228](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | |
|
||||
| MathWorks Matlab | | | | | [MathWorks Matlab Statement](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | |
|
||||
| Matillion | | | | | [Matillion Security Advisory](https://documentation.matillion.com/docs/security-advisory-14th-december-2021) | | | |
|
||||
| Matomo | | | | | [Matomo Statement](https://forum.matomo.org/t/matomo-is-not-concerned-by-the-log4j-security-breach-cve-2021-44228-discovered-on-december-2021-the-9th/44089) | | | |
|
||||
| Mattermost FocalBoard | | | | | [Mattermost FocalBoard Concern](https://forum.mattermost.org/t/log4j-vulnerability-concern/12676) | | | |
|
||||
|
|
@ -1576,6 +1574,10 @@ This list was initially populated using information from the following sources:
|
|||
| Mirantis | | | | | [Mirantis Statement](https://github.com/Mirantis/security/blob/main/news/cve-2021-44288.md) | | | |
|
||||
| Miro | | | | | [Miro Log4j Updates](https://miro.com/trust/updates/log4j/) | | | |
|
||||
| Mitel | | | | | [Mitel Statement](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | |
|
||||
| MobileIron | Core | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
|
||||
| MobileIron | Core Connector | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
|
||||
| MobileIron | Reporting Database (RDB) | All Versions | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
|
||||
| MobileIron | Sentry | 9.13, 9.14 | Affected | Yes | [https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | 12/20/21 |
|
||||
| MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | Not Affected | | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
||||
| MongoDB | MongoDB Atlas Search | | Affected | yes | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
||||
| MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | Not Affected | | [https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | |
|
||||
|
|
@ -1648,6 +1650,10 @@ This list was initially populated using information from the following sources:
|
|||
| OxygenXML | Publishing Engine | | Affected | Fixed | Yes | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | 12/17/2021 |
|
||||
| OxygenXML | Web Author | | Affected | Fixed | Yes | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | 12/17/2021 |
|
||||
| OxygenXML | WebHelp | | Affected | Fixed | Yes | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | 12/17/2021 |
|
||||
| Palantir | Palantir Foundry | All | Fixed | | [Palantir Response to Log4j Vulnerability (palantir.com)](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | 12/19/2021 |
|
||||
| Palantir | Palantir Gotham | All | Fixed | | [Palantir Response to Log4j Vulnerability (palantir.com)](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | 12/19/2021 |
|
||||
| Palantir | Palantir Apollo | All | Not Affected | | [Palantir Response to Log4j Vulnerability (palantir.com)](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact, and updates have been deployed for full remediation. | | 12/19/2021 |
|
||||
| Palantir | Palantir AI Inference Platform (AIP) | All | Fixed | | [Palantir Response to Log4j Vulnerability (palantir.com)](https://www.palantir.com/security-advisories/log4j-vulnerability/) | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | | 12/19/2021 |
|
||||
| Palo-Alto Networks | CloudGenix | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||
| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0, 9.1, 10.0 | Affected | Yes | [CVE-2021-44228:Impact of Log4J Vulnerability](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | 12/15/2021 |
|
||||
| Palo-Alto Networks | Bridgecrew | | Not Affected | | [CVE-2021-44228 Informational: Impact of Log4j Vulnerability CVE-2021-44228 (paloaltonetworks.com)](https://security.paloaltonetworks.com/CVE-2021-44228) | | | |
|
||||
|
|
@ -1734,7 +1740,10 @@ This list was initially populated using information from the following sources:
|
|||
| Pyramid Analytics | | | | | [Pyramid Analytics Community Link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | |
|
||||
| QF-Test | | | | | [QF-Test Blog Post](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | |
|
||||
| Qlik | | | | | [Qlik Community Link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | |
|
||||
| QMATIC | | | Under Investigation| | [QMATIC Link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | |
|
||||
| QMATIC | Orchestra Central | 6.0+ | Not Affected | | [QMATIC Link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | 12/21/2021 |
|
||||
| QMATIC | Appointment Booking | 2.4+ | Affected | Yes | [QMATIC Link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | 12/21/2021 |
|
||||
| QMATIC | Insights | Cloud | Affected | Yes | [QMATIC Link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | 12/21/2021 |
|
||||
| QMATIC | Appointment Booking | Cloud/Managed Service | Affected | Yes | [QMATIC Link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | 12/21/2021 |
|
||||
| QNAP | | | Under Investigation | | [QNAP Security Advisory](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | |
|
||||
| QOPPA | | | | | [QOPPA Link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | |
|
||||
| QSC Q-SYS | | | | | [QSC Q-SYS Article](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | |
|
||||
|
|
@ -1776,34 +1785,34 @@ This list was initially populated using information from the following sources:
|
|||
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG)| as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | Affected | |[RTI Statement](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | |12/16/2021 |
|
||||
| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG)| as part of RTI Connext Professional 6.0.0 and 6.0.1| Affected | |[RTI Statement](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | |12/16/2021 |
|
||||
| Real-Time Innovations (RTI) | RTI Monitor | | Not Affected | |[RTI Statement](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | |12/16/2021 |
|
||||
| Red Hat | CodeReady Studio | 12 | Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat build of Quarkus | | Not Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Data Grid | 8 | Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132) | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Decision Manager | 7 | Not Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Process Automation | 7 | Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches) | | Dec 20/2021 |
|
||||
| Red Hat | Red Hat Single Sign-On | 7 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Enterprise Linux | 6 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Enterprise Linux | 7 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Enterprise Linux | 8 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Data Grid | 8 | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132) | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Process Automation | 7 | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches) | | Dec 20/2021 |
|
||||
| Red Hat | Red Hat CodeReady Studio | 12.21.0 | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso) | | Dec/21/2021 |
|
||||
| Red Hat | Red Hat Integration Camel K | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130) | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Integration Camel Quarkus | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126) | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat JBoss A-MQ Streaming | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)| | Dec/20/2021 |
|
||||
| Red Hat | Red Hat JBoss Enterprise Application Platform | 7 | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4) | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | 7 | Not Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat JBoss Fuse | 7 | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134) | | Dec/20/2021 |
|
||||
| Red Hat| Red Hat Vert.X | 4 | Affected | yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093) | | Dec/20/2021 |
|
||||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | |
|
||||
| Red Hat| Red Hat Vert.X | 4 | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093) | | Dec/20/2021 |
|
||||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | |
|
||||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | |
|
||||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | |
|
||||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | |
|
||||
| Red Hat OpenShift Logging | logging-elasticsearch6-container | | Affected | Yes | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | |
|
||||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | EOL | | |
|
||||
| Red Hat | Red Hat Single Sign-On | 7 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Enterprise Linux | 6 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Enterprise Linux | 7 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Enterprise Linux | 8 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat build of Quarkus | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat | Red Hat Decision Manager | 7 | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat Software Collections | rh-java-common-log4j | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||
| Red Hat Software Collections | rh-maven35-log4j12 | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||
| Red Hat Software Collections | rh-maven36-log4j12 | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||
| Red Hat | log4j-core | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||
| Red Hat | Satellite 5 | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||
| Red Hat | Spacewalk | | Not Affected | | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | |
|
||||
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | 7 | Not Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | | | Dec/20/2021 |
|
||||
| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | Affected | No | [CVE-2021-44228- Red Hat Customer Portal](https://access.redhat.com/security/cve/cve-2021-44228) | EOL | | |
|
||||
| Red5Pro | | | | | [Red5Pro Link](https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/) | | | |
|
||||
| RedGate | | | | | [RedGate Link](https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement) | | | |
|
||||
| Redis | | | | | [Redis Link](https://redis.com/security/notice-apache-log4j2-cve-2021-44228/) | | | |
|
||||
|
|
@ -1919,7 +1928,7 @@ This list was initially populated using information from the following sources:
|
|||
| Siemens | Enlightened Amaze | All Versions <2021-12-10 | Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Vulnerabilities fixed on central cloud services starting 2021-12-10; no user actions necessary. For Comfy and Enlighted, see the Additional Information section and further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021|
|
||||
| Siemens | Enlightened Where| All Versions <2021-12-11 | Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Vulnerabilities fixed on central cloud services starting 2021-12-11; no user actions necessary. For Comfy and Enlighted, see the Additional Information section and further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021|
|
||||
| Siemens | Geolus Shape Search V10 | All Versions | Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | Geolus Shape Search V11 | All Versions | Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021|
|
||||
| Siemens | Geolus Shape Search V11 | All Version | Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | GMA-Manager | All Version >=V8.6.2j-398 and <V8.6.2-472| Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Update to V8.6.2-472 or later version. Block both incoming and outgoing connections between the system and the Internet. See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021|
|
||||
| Siemens | HES UDIS | All Versions | Affected | No | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Specific mitigation information has been released for the local project teams with the request of immediate deployment. A patch is planned for the next regular release. See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) || 12/18/2021 |
|
||||
| Siemens | Industrial Edge Management App (IEM-App)| All Versions | Affected | Yes | [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)|Exposure to vulnerability is limited as IEM-App runs in IEM-OS and IEM-OS is not intended to be exposed to public internet and should be operated in a protected environment. Please refer to the [Industrial Edge - Security overview](https://support.industry.siemens.com/cs/us/en/view/109804061). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
|
|
@ -1969,7 +1978,7 @@ This list was initially populated using information from the following sources:
|
|||
| Siemens | Teamcenter Mendix Connector | V1.0 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | Teamcenter Microservices Framework | All Versions >=V5.1 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | Teamcenter Polarion Integration | All Versions >=V5.1 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | Teamcenter Rapid Start | All Versions >=V13.1 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)|Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021|
|
||||
| Siemens | Teamcenter Rapid Start | All Versions >=V13.1 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)|Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 ||12/18/2021|
|
||||
| Siemens | Teamcenter Reporting and Analytics | All Versions based on Java SOA client >=V11.3 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | Teamcenter Requirements Integrator | All Versions based on Java SOA client >=V11.3 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
| Siemens | Teamcenter Retail Footwear and Apparel | All Versions >=V4.3 | Affected | Yes| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Remove the JndiLookup class from the classpath. Find detailed remediation and mitigation information [here](https://support.sw.siemens.com/en-US/knowledge-base/PL8600700). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
|
||||
|
|
|
|||
Loading…
Reference in a new issue