# CISA Log4j (CVE-2021-44228) Affected Vendor & Software List # [0-9](software_list_Non-Alphabet.md) [A](software_list_A.md) [B](software_list_B.md) [C](software_list_C.md) [D](software_list_D.md) [E](software_list_E.md) [F](software_list_F.md) [G](software_list_G.md) [H](software_list_H.md) [I](software_list_I.md) [J](software_list_J.md) [K](software_list_K.md) [L](software_list_L.md) [M](software_list_M.md) [N](software_list_N.md) [O](software_list_O.md) [P](software_list_P.md) [Q](software_list_Q.md) [R](software_list_R.md) [S](software_list_S.md) [T](software_list_T.md) [U](software_list_U.md) [V](software_list_V.md) [W](software_list_W.md) [X](software_list_X.md) [Y](software_list_Y.md) [Z](software_list_Z.md) ## Status Descriptions ## | Status | Description | | ------ | ----------- | | Unknown | Status unknown. Default choice. | | Affected | Reported to be affected by CVE-2021-44228. | | Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. | | Fixed | Patch and/or mitigations available (see provided links). | | Under Investigation | Vendor investigating status. | ## Software List ## This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak - National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). | Vendor | Product | Affected Versions | Patched Versions | Status | Vendor Links | Notes | References | Reporter | Last Updated | | ------ | ------- | ----------------- | ---------------- | ------ | ------------ | ----- | ---------- | -------- | ------------ | | Objectif Lune | | | | Unknown | [link](https://learn.objectiflune.com/blog/security/statement-on-log4j-vulnerability-cve-2021-4428/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OCLC | | | | Unknown | [link](https://oclc.service-now.com/status) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Octopus | | | | Unknown | [link](https://advisories.octopus.com/adv/December.2306508680.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Okta | Advanced Server Access | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta Access Gateway | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta AD Agent | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta Browser Plugin | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta IWA Web Agent | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta LDAP Agent | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta Mobile | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta On-Prem MFA Agent | < 1.4.6 | | Affected | [link](https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta RADIUS Server Agent | < 2.17.0 | | Affected | [link](https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta Verify | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Okta | Okta Workflows | | | Unknown | [link](https://sec.okta.com/articles/2021/12/log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | Onespan | | | | Unknown | [link](https://www.onespan.com/remote-code-execution-vulnerability-in-log4j2-cve-2018-11776) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Opengear | | | | Unknown | [link](https://opengear.zendesk.com/hc/en-us/articles/4412713339419-CVE-2021-44228-aka-Log4Shell-Opengear-products-are-not-affected) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenMRS TALK | | | | Unknown | [link](https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenNMS | | | | Unknown | [link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenSearch | | | | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OpenText | | | | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Opto 22 | GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Opto 22 | GROOV-AT1, GROOV-AT1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Opto 22 | GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Opto 22 | GRV-EPIC-PR1, GRV-EPIC-PR2 | < 3.3.2 | 3.3.2 | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | | Oracle | | | | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Oracle | Exadata | <21.3.4 | | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Orgavision | | | | Unknown | [link](https://www.orgavision.com/neuigkeiten/sicherheitsluecke-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Osirium | PAM | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Osirium | PEM | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Osirium | PPA | | | Unknown | [link](https://www.osirium.com/blog/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OTRS | | | | Unknown | [link](https://portal.otrs.com/external) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OVHCloud | | | | Unknown | [link](https://blog.ovhcloud.com/log4shell-how-to-protect-my-cloud-workloads/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OwnCloud | | | | Unknown | [link](https://central.owncloud.org/t/owncloud-not-directly-affected-by-log4j-vulnerability/35493) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | OxygenXML | Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Developer | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Editor | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Oxygen Content Fusion | 2.0, 3.0, 4.1 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Oxygen Feedback Enterprise | 1.4.4 & older | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Oxygen License Server | v22.1 to v24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Oxygen PDF Chemistry | v22.1, 23.0, 23.1, 24.0 | | Affected | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Oxygen SDK | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Plugins (see advisory link) | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Publishing Engine | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |